Privacy policy

Goodfit explains what data is processed during this experimental stage, the risk of data loss, and the easiest way to request corrections or removals.

Last updated: 25 June 2026

Goodfit is an experimental research-stage service operated by a private individual based in Belgium. This policy explains how personal data is handled while the project is still changing quickly. It is meant to be practical and transparent, not a promise that the service is mature or permanent.

Controller and contact

The controller for Goodfit is Floris Zuallaert, the private individual operating the project from Belgium. For the launch period, claims, support, privacy requests, and legal or removal handling are centralized through goodfit.eu and mail.goodfit.eu across all Goodfit domains. For provider profiles, the primary route for correction or removal requests is the correction/removal action on the provider page. You can also email [email protected], the central mailbox for privacy requests, objections, deletion requests, complaints, or questions. If you represent a listed provider and want the provider removed, please use the provider-page form or send the request from an email address at the provider's own website or company domain and state that you are asking us to remove that specific provider. Include the provider page URL, the provider name, and any information you want changed or removed so we can review the request fairly.

Domain and jurisdiction notice

These domain and jurisdiction notes are provided as clear, good-faith guidance and are kept deliberately conservative while the project is in its launch phase. They are general information rather than formal legal advice, and we refine them over time as the project develops.

goodfit.eu is the European umbrella domain. Its eu extension is used for cross-border European discovery, early validation, and lawyer-reviewable baseline copy before any country-specific rollout is treated as final.

Launch operations: During launch, claims, support, privacy, and legal/removal handling for this domain remain centralized through goodfit.eu and mail.goodfit.eu. Use the provider-page correction/removal form, or [email protected] if the form is unavailable; claim verification email may come from [email protected].

This eu domain is aimed at European discovery across European Union. The controller remains based in Belgium, and the core privacy approach is built around GDPR-style rights, correction and removal requests, source records, consent controls, and lawyer review before wider promotion. Local mandatory rights may still apply depending on where you live, where a provider is established, and how you use goodfit.eu.

Experimental-stage notice

The service, database, matching logic, page structure, profile format, and account features may change significantly. During this phase, content may be corrected, merged, deleted, unpublished, restructured, or overwritten. We use reasonable safeguards, but you should assume submitted data, saved matches, bookmarks, profile claims, drafts, analytics records, and account-related content can be lost or become unavailable.

Keep your own copy of anything important. Do not submit confidential information, sensitive personal data, trade secrets, or information you cannot afford to lose.

Data we process

Depending on how you use the service, we may process:

  • Account and authentication data, such as email address and session information.
  • Provider listing data, including public business facts, website URLs, descriptions, categories, service areas, languages, contact links, screenshots, and claimed or submitted profile data.
  • Project and matching data you submit so the service can suggest suitable providers.
  • Bookmarks, submissions, feedback, support messages, complaints, and correction requests.
  • Technical data such as IP-derived region signals, request metadata, security logs, consent records, and basic device or browser information needed to run and protect the service.
  • Payment, advertising, or billing-related records if paid features are enabled or used.
  • Optional analytics events if analytics is enabled for your region and consent choices.

Sources

Goodfit lists service providers using public business information, provider-submitted information, and Goodfit research. Public sources may include provider websites, contact pages, public case studies, public company social profiles, public business profiles, and similar sources that describe the provider in a business context. We keep internal source records for published provider profiles so we can trace where profile data came from. Public profile data may be incomplete or incorrect. If you are listed, represented, or affected by a listing, use the correction/removal action on the provider page as the primary route to ask us to remove a provider profile, remove or correct specific fields, remove metadata such as categories, tags, service areas, screenshots, contact links, or notes, or update the source context we use to describe the listing. You can also email [email protected] if the form is unavailable; this central mailbox handles requests for all Goodfit domains through goodfit.eu and mail.goodfit.eu during launch. For copyright, trademark, or other rights complaints about profile content, screenshots, or source use, use the contact page or the same email address.

Why we process data

We process personal data for the following purposes and legal bases:

  • To provide accounts, submissions, matching, bookmarks, and profile tools.
  • To respond to messages, correction requests, complaints, and support needs.
  • To build, test, debug, protect, and improve the experimental service.
  • To publish and maintain a useful directory of service providers based on public facts and submitted data.
  • To prevent abuse, enforce terms, investigate security events, and protect legal interests.
  • To comply with legal, tax, accounting, regulatory, or dispute-related obligations.
  • To send service emails and, only where permitted, optional updates or marketing.

For public business/profile information, our usual basis is legitimate interests where personal data is involved: operating a B2B service-provider discovery and matching directory, keeping profiles factual and useful, and letting providers or affected individuals correct, object to, restrict, or remove disputed data. Where a provider or user supplies data directly, the basis may be consent, contract or pre-contractual steps, or another applicable basis. We avoid publishing direct personal contact details gathered from public research unless reviewed and necessary.

Service providers and transfers

We use third-party providers for hosting, database storage, authentication, email delivery, analytics, security, payments, and operational tooling. Depending on the tools enabled, data may be processed in Belgium, the European Economic Area, the United Kingdom, the United States, or other places where those providers operate. Where needed, we use available transfer safeguards such as data-processing terms, standard contractual clauses, or similar mechanisms.

Retention

We keep data only as long as reasonably needed for the purposes above, unless a longer period is required for legal, tax, accounting, security, backup, or dispute reasons. We review published provider data periodically and sooner when a correction, objection, restriction, or removal request is received. During this experimental phase, retention periods may change as the product, database, and operational needs change. Backups and logs may retain limited copies for a while after data is removed from the live service.

Security

We use reasonable technical and organizational safeguards appropriate for a small experimental service, such as access controls, hosted infrastructure protections, consent controls, rate limits, and operational monitoring where available. No system is perfectly secure, and this project is not yet a mature production SaaS.

Your rights

Depending on the situation, EU and Belgian data protection law may give you rights to access, correct, delete, restrict, object to, or receive a copy of your personal data, and to withdraw consent where processing is based on consent. We may need to verify your identity and may refuse or limit a request where the law allows, for example to protect another person, preserve evidence, comply with law, handle abuse, or defend legal claims.

You may also lodge a complaint with a data protection authority. For Belgium, the authority is the Autorité de protection des données / Gegevensbeschermingsautoriteit (APD-GBA), Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels, email [email protected].

Children and sensitive data

Goodfit is not intended for children and does not knowingly collect special categories of personal data. Do not submit health data, political opinions, religious beliefs, identity documents, financial secrets, or other sensitive information unless we expressly ask for it for a lawful purpose.

Changes to this policy

This policy will change as the project changes. We may update it by publishing a new version on this page. Continued use of Goodfit after an update means you accept the updated processing described here, subject to rights that cannot be waived under applicable law.

Related pages

See also the Terms of service and Cookie policy.