Last updated: 25 June 2026
Goodfit is an experimental research-stage service operated by a private individual based in Belgium. This policy explains how personal data is handled while the project is still changing quickly. It is meant to be practical and transparent, not a promise that the service is mature or permanent.
The controller for Goodfit is Floris Zuallaert, the private individual operating the project from Belgium. For the launch period, claims, support, privacy requests, and legal or removal handling are centralized through goodfit.eu and mail.goodfit.eu across all Goodfit domains. For provider profiles, the primary route for correction or removal requests is the correction/removal action on the provider page. You can also email [email protected], the central mailbox for privacy requests, objections, deletion requests, complaints, or questions. If you represent a listed provider and want the provider removed, please use the provider-page form or send the request from an email address at the provider's own website or company domain and state that you are asking us to remove that specific provider. Include the provider page URL, the provider name, and any information you want changed or removed so we can review the request fairly.
These domain and jurisdiction notes are provided as clear, good-faith guidance and are kept deliberately conservative while the project is in its launch phase. They are general information rather than formal legal advice, and we refine them over time as the project develops.
goodfit.eu is the European umbrella domain. Its eu extension is used for cross-border European discovery, early validation, and lawyer-reviewable baseline copy before any country-specific rollout is treated as final.
Launch operations: During launch, claims, support, privacy, and legal/removal handling for this domain remain centralized through goodfit.eu and mail.goodfit.eu. Use the provider-page correction/removal form, or [email protected] if the form is unavailable; claim verification email may come from [email protected].
This eu domain is aimed at European discovery across European Union. The controller remains based in Belgium, and the core privacy approach is built around GDPR-style rights, correction and removal requests, source records, consent controls, and lawyer review before wider promotion. Local mandatory rights may still apply depending on where you live, where a provider is established, and how you use goodfit.eu.
The service, database, matching logic, page structure, profile format, and account features may change significantly. During this phase, content may be corrected, merged, deleted, unpublished, restructured, or overwritten. We use reasonable safeguards, but you should assume submitted data, saved matches, bookmarks, profile claims, drafts, analytics records, and account-related content can be lost or become unavailable.
Keep your own copy of anything important. Do not submit confidential information, sensitive personal data, trade secrets, or information you cannot afford to lose.
Depending on how you use the service, we may process:
Goodfit lists service providers using public business information, provider-submitted information, and Goodfit research. Public sources may include provider websites, contact pages, public case studies, public company social profiles, public business profiles, and similar sources that describe the provider in a business context. We keep internal source records for published provider profiles so we can trace where profile data came from. Public profile data may be incomplete or incorrect. If you are listed, represented, or affected by a listing, use the correction/removal action on the provider page as the primary route to ask us to remove a provider profile, remove or correct specific fields, remove metadata such as categories, tags, service areas, screenshots, contact links, or notes, or update the source context we use to describe the listing. You can also email [email protected] if the form is unavailable; this central mailbox handles requests for all Goodfit domains through goodfit.eu and mail.goodfit.eu during launch. For copyright, trademark, or other rights complaints about profile content, screenshots, or source use, use the contact page or the same email address.
We process personal data for the following purposes and legal bases:
For public business/profile information, our usual basis is legitimate interests where personal data is involved: operating a B2B service-provider discovery and matching directory, keeping profiles factual and useful, and letting providers or affected individuals correct, object to, restrict, or remove disputed data. Where a provider or user supplies data directly, the basis may be consent, contract or pre-contractual steps, or another applicable basis. We avoid publishing direct personal contact details gathered from public research unless reviewed and necessary.
We use third-party providers for hosting, database storage, authentication, email delivery, analytics, security, payments, and operational tooling. Depending on the tools enabled, data may be processed in Belgium, the European Economic Area, the United Kingdom, the United States, or other places where those providers operate. Where needed, we use available transfer safeguards such as data-processing terms, standard contractual clauses, or similar mechanisms.
We keep data only as long as reasonably needed for the purposes above, unless a longer period is required for legal, tax, accounting, security, backup, or dispute reasons. We review published provider data periodically and sooner when a correction, objection, restriction, or removal request is received. During this experimental phase, retention periods may change as the product, database, and operational needs change. Backups and logs may retain limited copies for a while after data is removed from the live service.
We use reasonable technical and organizational safeguards appropriate for a small experimental service, such as access controls, hosted infrastructure protections, consent controls, rate limits, and operational monitoring where available. No system is perfectly secure, and this project is not yet a mature production SaaS.
Depending on the situation, EU and Belgian data protection law may give you rights to access, correct, delete, restrict, object to, or receive a copy of your personal data, and to withdraw consent where processing is based on consent. We may need to verify your identity and may refuse or limit a request where the law allows, for example to protect another person, preserve evidence, comply with law, handle abuse, or defend legal claims.
You may also lodge a complaint with a data protection authority. For Belgium, the authority is the Autorité de protection des données / Gegevensbeschermingsautoriteit (APD-GBA), Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels, email [email protected].
Goodfit is not intended for children and does not knowingly collect special categories of personal data. Do not submit health data, political opinions, religious beliefs, identity documents, financial secrets, or other sensitive information unless we expressly ask for it for a lawful purpose.
This policy will change as the project changes. We may update it by publishing a new version on this page. Continued use of Goodfit after an update means you accept the updated processing described here, subject to rights that cannot be waived under applicable law.
See also the Terms of service and Cookie policy.