Privacy Policy
Last updated: July 9, 2026
This Privacy Policy forms part of the Terms & Conditions of Benux Corp, located at 1317 Westminster Dr, Woodridge, Illinois 60517, USA ("we," "our," "us," "Company"). All capitalized terms used in this Policy have the meaning given in the Terms & Conditions unless defined below.
This Policy explains how we collect, use, store and share your information. By providing personal information, you consent to our collection, use and disclosure of it in accordance with this Policy and any other arrangement we have with you. We may change this Policy from time to time by posting an updated version. The current effective date is at the bottom of this page.
1. Definitions
- Personal Information — any information that identifies, relates to, describes or could reasonably be linked to you.
- Payment Information — information needed to purchase the Service (last four digits of card, billing country, brand, payment ID).
- Health data — information about your health, body and lifestyle you share with us in the questionnaire, weekly check-ins, daily logs and meal photos.
- Automatic Data — technical data automatically sent by your device and browser when you use the Service (IP address, browser identifier, device characteristics, page-view statistics).
- Non-Personal Information — aggregated or anonymized information that does not identify any individual.
2. Information we collect
We collect information you voluntarily provide through the questionnaire, account creation, dashboard logging, support correspondence, surveys, and any communication with our coaches.
This includes:
- Identity & contact: first name, email address, phone number, postal address (if you provide it), date of birth (if you provide it).
- Demographics: gender, age, height, weight.
- Health information: diabetes type, years since diagnosis, medications, complications, fasting glucose, hypoglycemia history, exercise history, lifestyle, sleep, diet style, foot condition, current symptoms, weekly glucose / weight / energy ratings, meal photos and notes, daily check-in entries.
- Payment Information: the last four digits of your card, brand, billing country, transaction ID — processed by Stripe on our behalf. We never see or store your full card number.
- Automatic Data: IP address, browser and device characteristics, page-view statistics, error logs.
3. Why we collect this information
- To build and deliver your personalized program;
- To operate the dashboard, the Telegram support channel and the messaging features;
- To process payments and detect fraud;
- To send service emails (welcome, account setup, plan delivery, billing receipts) and product updates;
- To respond to support requests and resolve disputes;
- To improve our programs, content and Service through analytics and user-experience research;
- To comply with legal obligations and enforce our Terms.
We may send you service notices and security alerts you cannot opt out of (for example, password reset, billing receipts).
4. Health information — how we treat it
You voluntarily share information about your diabetes and overall health. We treat this information as sensitive personal data and use it solely to deliver and improve the Service for you. We do not sell or rent health information. We do not share it with advertisers. Access is restricted to staff and contracted coaches/medical reviewers who need it to serve you. Health data is encrypted in transit (TLS) and at rest where supported.
5. Direct marketing
We may send marketing emails about new features and offers. By creating an account you consent to receive these. You may opt out at any time using the unsubscribe link in any marketing email or by writing to support@diafitus.com. Opting out of marketing does not stop service-related emails.
6. Disclosure of your information
We share Personal Information only with:
- Stripe, Inc. — to process payments. Stripe acts as a separate data controller for the payment data it collects; see Stripe's own privacy policy.
- Telegram — when you communicate with our coaches there, your messages are processed by Telegram FZ-LLC under its own privacy policy.
- Email and hosting providers — Hostinger (web hosting and email) processes information solely on our instructions.
- Customer-support tooling and AI providers — we may use AI tools to assist coaches or summarize messages; see Section 11.
- Legal authorities — when required by law, court order or to protect our rights or the safety of others.
We do not sell, rent or trade personal information to third parties for their own marketing purposes.
7. Cookies and similar technologies
We use a small number of cookies (and equivalent local-storage entries) to maintain your session, remember your progress between pages and measure basic site performance. You can block cookies via your browser settings; some Service features may stop working if you do.
8. Data security
We protect your data using industry-standard measures including TLS encryption in transit, encrypted backups, strict server-level password protection for the admin panel, role-restricted database access, strong password hashing (bcrypt), CSRF protection on every form and MIME-type validation on every file upload. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. You are responsible for keeping your password confidential and notifying us of any unauthorized use.
9. Data retention
We retain your personal data only as long as necessary for the purposes described above:
- Account and program data: kept for up to 5 years after your last update or your last active subscription.
- Health data: kept for up to 5 years after the end of provision of services, unless you request earlier deletion.
- Marketing-consent records: kept up to 2 years after consent is given or withdrawn.
- Payment records: kept as long as required by U.S. tax and accounting law (typically 7 years).
At the end of the retention period (or earlier on your request) personal data is destroyed using overwriting or, where applicable, physical destruction. We may retain data longer where required to comply with legal obligations or to protect vital interests.
10. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct or update it;
- request deletion of your account and data;
- restrict or object to certain processing;
- receive a portable copy in a common machine-readable format;
- withdraw consent at any time (without affecting the lawfulness of prior processing);
- lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@diafitus.com. We may need to verify your identity before fulfilling the request and will respond within the time required by applicable law.
11. AI-assisted tooling
We may use AI tools to assist coaches in drafting replies, summarizing messages, or detecting safety issues. Conversations in the coaching service may be reviewed by AI and by staff. Where AI tools are used:
- data is processed only to enhance the Service, improve user experience and provide efficient support;
- the AI providers we use are bound by data-protection terms and confidentiality obligations;
- AI is not used to make final decisions about subscription management, refunds or data-subject rights. Those are handled by a person.
12. Children
The Service is intended for adults aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child has provided us information, email support@diafitus.com and we will delete it.
13. International transfers
The Company is based in the United States. Your information may be processed in the United States and other countries where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.
14. California residents (CCPA)
To the extent the California Consumer Privacy Act ("CCPA") applies, you have the right to: know the personal data we collect from you; request deletion of your personal data; opt out of any sale or sharing of your personal data; access your personal data; and not be discriminated against for exercising these rights. We do not sell, share, lease or rent your personal information. To exercise any CCPA right, email support@diafitus.com.
15. Health information disclaimer
The Service is not a medical service. The data you log helps your coach personalize your program but is not used for diagnosis or treatment. See our Terms & Conditions for the full medical disclaimer and limitation of liability.
16. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated by email or by a notice on the website. The "Last updated" date at the top of this page reflects the most recent version.
17. Contact
Benux Corp · 1317 Westminster Dr, Woodridge, Illinois 60517, USA
Support & privacy requests: support@diafitus.com