Last updated: May 2025 · LootLean · lootlean.com
LootLean ("we", "us", "our") is a fitness guidance service operated as a sole trader business in the United Kingdom. We are the data controller for the personal information you provide to us.
Contact: lootleanuk@gmail.com
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
We collect the following personal information when you use our service:
| Category | Data collected | Why we collect it |
|---|---|---|
| Identity | First name, age, gender | To personalise your fitness plan |
| Contact | Email address | To deliver your plan and communicate with you |
| Physical | Height, weight, goal weight | To calculate appropriate targets |
| Health (special category) | Medical conditions, injuries, medications, stress levels, sleep | To ensure guidance is safe and appropriate for you |
| Lifestyle | Gaming habits, diet, exercise history, occupation type | To personalise your plan to your actual lifestyle |
| Payment | Billing details (processed by Stripe — we never see your card number) | To process subscription payments |
Health information is classified as "special category" data under UK GDPR and receives the highest level of protection. We collect this only where necessary to provide you with safe, appropriate fitness guidance.
Our legal basis for processing your health data is your explicit consent, given when you complete our intake form. You may withdraw this consent at any time by contacting us, though this may mean we can no longer provide the service safely.
We process your personal data on the following legal bases:
We use your personal information to:
We will never sell your data to third parties. We will never use your health data for marketing purposes.
Your intake form responses are stored securely. We take reasonable technical measures to protect your data from unauthorised access, loss, or disclosure.
We retain your personal data for as long as your subscription is active, plus 12 months thereafter in case of any queries or disputes. After this period, your data is deleted.
Payment data is stored and processed by Stripe, Inc. We never have access to your full card number. Stripe is PCI DSS compliant. You can read Stripe's privacy policy at stripe.com/gb/privacy.
We only share your data with:
We do not share your health data, fitness information, or personal details with any other third parties under any circumstances.
You have the following rights regarding your personal data:
To exercise any of these rights, email us at lootleanuk@gmail.com. We will respond within 30 days.
lootlean.com uses only essential cookies necessary for the website to function. We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.
If you are unhappy with how we handle your data, you have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO):
Website: ico.org.uk · Phone: 0303 123 1113
We'd always appreciate the opportunity to resolve any concern directly first — please email us at lootleanuk@gmail.com.
We may update this Privacy Policy from time to time. We will notify active subscribers of any significant changes by email. The date at the top of this page shows when it was last updated.