FlexDropin

COOKIE POLICY

Effective date: 08/05/2026

Terms   |  Privacy  |   Cookies

 

1. Introduction

This Cookie Policy (“Policy”) explains what cookies and similar technologies are, how we use them in the FlexDropin mobile application and on the flexdropin.com website, and what your choices are regarding their use.

Data controller: Maria Petaccia, with headquarters in Via Dante Alighieri 40, 65012 Cepagatti (PE), Italy ("FlexDropin", "we", "our" or "us").

This Cookie Policy is an integral part of our Privacy Policy and our Terms and Conditions of Use.

If you have questions about this Policy, please contact us at: info@flexdropin.com

 

2. What Are Cookies and Tracking Technologies

Definition of Cookies

Cookies are small text files that are stored on your device (smartphone, tablet, computer) when you visit a website or use a mobile application. Cookies allow the application to recognize you and remember your preferences or actions over time.

Similar Tracking Technologies

When we talk about "cookies" in this Policy, we are also referring to other similar tracking technologies, including:

• SDK (Software Development Kit): Code packages integrated into the app that allow you to collect data and enable features.
• Tracking pixels: Small invisible images that track user actions.
• Local Storage (HTML5): technology that allows you to store data locally on the device.
• Device identifiers: Unique IDs assigned to your device (IDFA on iOS, AAID on Android).
• Session tokens: Authentication strings that keep your session securely active.

 

3. Why We Use Cookies

We use cookies and similar technologies for the following purposes:

1. Essential Features

To allow the app and the site to function properly and provide you with the services you request.

Examples:

• Keep your session active after logging in
• Remember your preferences (language, user/gym mode)
• Ensure account security
• Manage authentication via Supabase

2. Geolocation and Maps

To offer you the functionality of geographical search of gyms and display on a map, we use Mapbox services.

Examples:

• View gyms near you
• Calculate distances
• Geocode addresses entered by users
• Show the interactive map in the gym tab

3. Performance and Stability

To monitor the correct functioning of the app and identify any technical errors.

Examples:

• Detect application errors
• Analyze the performance of database queries
• Monitor service availability

4. Customization

To offer you an experience tailored to your preferences and your use of the app.

Examples:

• Remember your latest gym searches
• Maintain favorite filters (category, distance)
• Store the location saved in preferences
• Remember the selected mode (user or gym)

5. Secure Payments

To securely manage economic transactions between users and gyms, we use Stripe Connect.

Examples:

• Manage the PaymentIntent for the booking
• Open the Payment Sheet with your payment methods
• Check payment status via webhook
• Prevent transaction fraud

 

4. Types of Cookies We Use

Classification by Duration

Session Cookies

These cookies are temporary and are deleted when you close the app. They are essential for the app to function.

Duration: Until the app closes

Persistent Cookies

These cookies remain on your device for a longer period of time or until you manually delete them.

Duration: From a few days to several years, depending on the purpose

Classification by Purpose

1. TECHNICAL COOKIES (NECESSARY)

What they do: They are essential for the app to function and cannot be deactivated.

Consent required: ❌ NO (they are strictly necessary)

Usage in FlexDropin:

• Login session management (Supabase token)
• User authentication and account security
• Payment security and fraud prevention
• Temporary storage of essential preferences
• Correct functioning of Mapbox maps
• Push token management for notifications

Examples of data collected:

• Authentication token
• Session preferences (language, mode)
• Safety information

Duration: Session or up to 30 days

 

2. ANALYTICAL COOKIES

What they do: They collect information about how you use the app to help us improve it.

Consent required: ⚠️ YES (with exceptions — if used only for anonymous aggregate statistics, may be treated as technical)

Usage in FlexDropin:

• Measure the number of users and sessions
• Understand which features are most used
• Identify technical problems and performance drops
• Analyze navigation flows in aggregate form

Examples of data collected:

• Screens displayed
• Time spent in the app
• Research carried out
• Errors and technical problems

Duration: Up to 3 years

 

5. Cookies and Specific Technologies Used in FlexDropin

Complete Cookie Table

Name / SDK	Supplier	Typology	Purpose	Duration	Consent
Supabase Auth SDK	Supabase Inc.	Technician	Authentication, sessions, database	30 days / session	❌ NO
Supabase Storage	Supabase Inc.	Technician	Upload avatars, medical certificates, gym assets	3 years	❌ NO
Supabase Edge Functions	Supabase Inc.	Technician	Serverless logic: payments, notifications, monthly cron	Session	❌ NO
Mapbox SDK	Mapbox, Inc.	Technician	Interactive maps, address geocoding, geographical search	3 years	❌ NO
Stripe React Native SDK	Stripe, Inc.	Technician	Payment Sheet, secure payment and refund management	Session	❌ NO
Expo Push Notifications	Expo (Snacks)	Technician	Registration and sending push notifications (lesson reminders, reservations)	3 years	❌ NO
AsyncStorage	React Native / Expo	Technician	Preferences local persistence: language, user/gym mode, recent searches	Persistent	❌ NO

 

Detail of Technologies

Supabase (main backend)

Supabase is the backend platform that powers FlexDropin. Manages authentication, PostgreSQL database, file storage, Edge Functions and real-time notifications.

Data collected:

• Authentication tokens and user identifiers
• Device information for safety
• Session and booking data
• Uploaded files (avatars, medical certificates, logos and gym covers)

Privacy Policy: https://supabase.com/privacy

How to handle it: Cannot be disabled (required for all core functionality)

Mapbox

Mapbox provides interactive map and geocoding services that allow you to search for gyms by location, view them on the map and autocomplete addresses. Used both by athletes (Explore tab, search "Near me") and by gyms (entering location address).

Data collected:

• GPS location (when you grant permission)
• Geographic search and geocoding queries
• Interactions with the map (zoom, pan, selection)
• Device information

Privacy Policy: https://www.mapbox.com/legal/privacy

How to handle it: Cannot be turned off for map functionality. Geolocation is optional: you can revoke GPS permission and continue searching for gyms by name or address.

Stripe Connect

Stripe manages payments between athletes and gyms via the Stripe Connect (Direct Charges) model. Payments are created into the gym's account, with a platform fee automatically withheld. Gyms complete Stripe onboarding to receive payments.

Data collected:

• Payment data (not stored by FlexDropin, managed directly by Stripe)
• Transaction identifiers and PaymentIntent
• Payment status and refunds
• Identity verification data for gyms (during onboarding)

Privacy Policy: https://stripe.com/privacy

How to handle it: Cannot be deactivated (required to make and receive payments)

Expo Push Notifications

Expo manages the registration and sending of push tokens for notifications. FlexDropin uses push notifications for class reminders (approximately 1 hour in advance) and new booking alerts for gym managers.

Data collected:

• Device push tokens, associated with the user ID
• Notification preferences (enabled/disabled by profile)

Privacy Policy: https://expo.dev/privacy

How to handle it: Push notifications can be turned off from Profile → Notifications or from your device's system settings.

 

6. Third Party Cookies

FlexDropin uses third-party services that can set up their own tracking mechanisms on your device. We have no direct control over these technologies.

Third parties in FlexDropin:

Supabase Inc. — Privacy Policy: https://supabase.com/privacy

Mapbox, Inc. — Privacy Policy: https://www.mapbox.com/legal/privacy

Stripe, Inc. — Privacy Policy: https://stripe.com/privacy

Expo (Snacks) — Privacy Policy: https://expo.dev/privacy

Apple (iOS push notifications) — Privacy Policy: https://www.apple.com/legal/privacy/

Google (Android push notifications via FCM) — Privacy Policy: https://policies.google.com/privacy

We encourage you to read the privacy policies of these third parties to understand how they treat your data.

 

7. Managing Your Cookie Preferences

How to Manage Cookies in the App

1. Privacy Settings in the App

You can manage some preferences directly in the app:

1. Open the FlexDropin app
2. Go to Profile
3. Select Account Settings
4. Manage available preferences:
   • ✅ Technical Cookies (always active, cannot be deactivated)
   • 🔔 Push notifications (enable/disable)
   • 📍 Geolocation (managed by system settings)

2. Cookie Banner at First Launch

When you first launch the app, you will be presented with a warning that informs you about the use of technical cookies and allows you to manage preferences for optional cookies.

3. Change Preferences Anytime

You can change your choices at any time through your app or device settings. The changes will take effect immediately for future data collections, but will not affect data already collected.

Operating System Level Management

On iOS (iPhone/iPad)

To revoke tracking permission:

5. Go to Settings
6. Select Privacy & Security
7. Select Location Services → FlexDropin

To turn off cross-app tracking:

8. Go to Settings
9. Select Privacy & Security
10. Select Tracking → turn off "Allow apps to request tracking"

On Android

To revoke tracking permission:

11. Go to Settings
12. Select Apps → FlexDropin
13. Select Permissions → Location

Consequences of Deactivation

❌ If you deactivate Geolocation: the "Near me" feature and the Explore map will not be available. You will still be able to search for gyms by name or address.

❌ If you turn off Push Notifications: You will not receive lesson reminders or notices of new bookings.

✅ Technical cookies cannot be deactivated: they are required to log in, book and use the main features.

Delete Existing Cookies

On iOS

To delete local app data and start from scratch:

14. Go to Settings
15. Select General
16. Select iPhone/iPad Storage
17. Find FlexDropin
18. Select "Delete App" (this will delete all local data)
19. Reinstall the app from the App Store

On Android

To clear local app data:

20. Go to Settings
21. Select Apps
22. Find FlexDropin
23. Select Storage
24. Select "Clear data" or "Clear cache"

Note: Clearing the app data will also delete your login and you will have to log in again.

 

8. Use of Cookies by Minors

Protection of Minors under 18

FlexDropin is not intended for children under 18 years of age, as the use of the service involves the stipulation of contracts (paid reservations) and access to sports facilities. We do not knowingly collect data from minors. If we discover that a user is a minor:

• The account is closed
• All data is deleted
• Cookies and local data are deleted

Parental Responsibilities

Parents or legal guardians who believe their child has created an account can contact us at info@flexdropin.com to request data verification and deletion.

 

9. Legal Basis for the Use of Cookies

In accordance with the GDPR (EU Regulation 2016/679) and the ePrivacy Directive (Directive 2002/58/EC), we use the following legal bases:

1. Technical Cookies

Legal basis: Technical necessity and legitimate interest (Art. 6.1.f GDPR)

They do not require consent because they are strictly necessary to provide the requested service.

2. Analytical Cookies

Legal basis: Consent (Art. 6.1.a GDPR) or Legitimate Interest (Art. 6.1.f GDPR)

When used only for anonymous aggregate statistics, they may be based on legitimate interest. Otherwise, they require consent.

 

10. International Data Transfers

Some of the services we use involve the transfer of your data outside the European Economic Area (EEA), in particular to the United States.

Guarantees adopted:

• Standard Contractual Clauses (SCC) of the European Commission
• Adequacy decisions of the European Commission where applicable

Main transfers:

• Supabase Inc. — United States — Standard Contractual Clauses
• Mapbox, Inc. — United States — Standard Contractual Terms
• Stripe, Inc. — United States — Standard Contractual Terms
• Expo — United States — Standard Contractual Clauses

For more information on international transfers, please see our Privacy Policy.

 

11. Your Rights

In relation to the use of cookies, you have the following rights under the GDPR:

1. Right to be informed

You have the right to know which cookies we use and for what purposes (this Cookie Policy).

2. Right of Access

You can request information on the data collected via cookies.

3. Right to Erasure ("Right to be Forgotten")

You can request the deletion of your personal data collected through cookies, within the limits established by applicable law.

4. Right to Oppose

You can object to the use of non-essential cookies at any time.

5. Right to Withdraw Consent

You can revoke your consent to cookies at any time via the app or device settings, without this affecting the lawfulness of the processing carried out before the revocation.

6. Right to Complain

You can lodge a complaint with the Italian Personal Data Protection Authority.

To exercise your rights: info@flexdropin.com

 

12. Changes to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons.

How we inform you in case of substantial changes:

• Updated the "Effective Date" at the top of this document
• In-app notification upon next login
• Email to the address registered on your account
• Banners in the app

Last modified: 02/24/2026

 

13. Frequently Asked Questions (FAQ)

1. What happens if I don't accept cookies?

Technical cookies will still be used because they are necessary for the operation of the app. You can refuse optional analytical cookies, but some features (geolocation, notifications) may not be available if you revoke the relevant permissions.

2. Can I use FlexDropin without cookies?

No, technical cookies are essential for the functioning of the app. Without them, you wouldn't be able to log in, book classes or use key features.

3. Can I use FlexDropin without geolocation?

Yes. Geolocation is optional: you can search for gyms by name or address even without granting GPS permission. The "Near Me" and Explore map features will not be available, but all other features will remain active.

4. Do cookies slow down the app?

No, the local storage mechanisms used are very small files and do not significantly affect the app's performance.

5. How do I know which cookies are active?

You can check your active preferences at any time by going to Profile → Account Settings in the app, or by checking the permissions granted in your device's system settings.

6. Does FlexDropin show advertisements?

No. FlexDropin does not use advertising cookies or display third-party ads. No profiling for advertising purposes is carried out.

7. Does FlexDropin sell my data?

No, non vendiamo mai i tuoi dati personali. I dati condivisi con terze parti (Supabase, Mapbox, Stripe, Expo) sono strettamente necessari all'erogazione dei servizi descritti in questa Policy.

8. Do cookies contain viruses?

No, cookies and local storage mechanisms are plain text data and cannot contain viruses or executable code.

9. How can I delete all my data?

You can delete your account and all associated data from the Profile → Account Settings → Delete Account section. Alternatively, contact us at info@flexdropin.com.

 

14. Glossary

Cookies: Small text files stored on your device when you use an app or visit a website.

First-party cookies: Cookies set directly by FlexDropin.

Third-party cookies: Cookies set by other domains/companies (e.g. Mapbox, Stripe).

Session cookies: Temporary cookies that are deleted when you close the app.

Persistent cookies: Cookies that remain on the device for a longer period of time.

SDK (Software Development Kit): Bundle of software tools that allows developers to integrate third-party services.

IDFA (Identifier for Advertisers): Unique identifier assigned to Apple devices. In FlexDropin it is only used for push notifications, not for advertising.

AAID (Android Advertising ID): Unique identifier assigned to Android devices. In FlexDropin it is only used for push notifications, not for advertising.

Tracking (Tracking): Process of collecting data on user behavior over time and across different services.

Profiling: Automated processing of personal data to evaluate personal aspects of an individual. FlexDropin does not perform profiling for advertising purposes.

ATT (App Tracking Transparency): Apple's framework that requires user consent before tracking their data across apps and websites.

Geocoding: Process of converting a textual address into geographic coordinates (latitude and longitude).

Stripe Connect: Stripe system that allows platforms to manage payments between multiple parties (in FlexDropin: between athletes and gyms).

GDPR: General Data Protection Regulation (EU Regulation 2016/679).

SCC: Standard Contractual Clauses, legal instruments approved by the European Commission to ensure the protection of data transferred outside the EEA.

 

15. Contacts

For questions or concerns about this Cookie Policy, you can contact us:

E-mail: info@flexdropin.com

Website: https://flexdropin.com

Address: All the office of Petaccia Maria, Via Dante Alighieri 40, 65012 Cepagatti (PE), Italy

Guarantor for the Protection of Personal Data (Italy):

• Website: www.garanteprivacy.it
• Email: garante@gpdp.it
• Telephone: +39 06.696771

 

Regulatory References

This Cookie Policy has been drawn up in accordance with:

• EU Regulation 2016/679 (GDPR)
• Directive 2002/58/EC (ePrivacy Directive)
• Legislative Decree 196/2003 (Italian Privacy Code)
• Provision of the Privacy Guarantor of 10 June 2021 - Cookie guidelines and other tracking tools

 

Last modified date: 02/24/2026  —   Version: 1.0

© 2026 FlexDropin. All rights reserved.