Privacy Policy
Last updated: May 28, 2026 · Version: v2
In plain English
We collect the information you give us to deliver the coaching, programs, and membership you hire us for; we don't sell your data or embed third-party ad or social-tracking pixels, our service providers see only what they need, and you can access, delete, or change your mind about your data at any time.
1. Who we are
This Privacy Policy describes how S2S LLC, a New Mexico limited liability company doing business as Demitry Davidson ("Demitry Davidson," "we," "us," or "our") collects, uses, and protects information about you when you visit demitrydavidson.com (the "Site"), submit a form, purchase a Program, start a Membership, or work with us one-to-one (collectively, the "Services").
For users in the European Economic Area, the United Kingdom, or Switzerland, S2S LLC is the data controller for the personal information described here. Contact us at privacy@demitrydavidson.com.
2. What we collect
We collect information in three ways: information you give us directly, information our infrastructure records automatically, and information from a small number of service providers we use to operate the business.
2.1 Information you give us
- Intro-call form. Your name, email address, and the description of your goal you choose to share with us. The form also includes a hidden anti-spam field ("company") that legitimate users leave blank.
- Account information (when the member portal goes live). Your name, email address, password (stored in hashed form by our auth provider), and any profile information you choose to add. Account creation is not yet live on the Site; this section describes how we will handle account data when it is.
- Purchase information (when commerce goes live). The product you purchased and your billing email. Card data is collected and stored by our payment processor, not by us — we receive a charge confirmation and the last four digits, never the full card number.
- Coaching communications. Any email, message, or content you send us during an active coaching engagement, including photos or videos you choose to share for form review.
- Health information you choose to disclose. If you tell us about an injury, condition, or limitation so we can program around it, we keep that information solely to deliver coaching. We are not a medical provider and we do not act as one (see the Medical Disclaimer in our Terms).
2.2 Information collected automatically
- Server and request logs. Our hosting provider (Vercel) records standard request metadata at the network edge: IP address, user-agent, requested URL, referrer, timestamp, and response code. These logs are used for security, abuse-prevention, and reliability. We do not copy this metadata into our own application database when you submit a public form (intro-call, coaching application, newsletter, guide signup, member form check) — it stays in the Vercel logs.
- Cookies and similar storage. We set only strictly-necessary storage by default (your cookie-consent choice, session and security tokens). Analytics and marketing storage are off until you opt in through the consent banner. See our Cookie Policy.
- Analytics (only if you opt in). If analytics is enabled in your cookie preferences, we collect aggregated, de-identified-where-practical usage data — page views, referrers, device class — so we can see what works on the Site and what to fix. Aggregated does not always mean perfectly anonymous; we use privacy-focused tooling and avoid linking site usage to your identity.
2.3 Information we retain for evidence and audit
Two specific Service flows retain IP address and user-agent in our application database for a documented evidentiary purpose. We collect this minimum data only at the moment of the relevant action, store it under the same access controls as the rest of our application data, and do not use it for marketing, profiling, or any purpose beyond the one stated below.
- Electronic-signature evidence (1:1 Coaching onboarding). When you sign the onboarding document stack (Terms of Service, Service Agreement, Liability Waiver, Informed Consent, Coaching Expectations, Nutrition Disclaimer, optional Media Release) by typing your full legal name, we record your IP address, user-agent, and timestamp alongside the signed packet. This is required for non-repudiation of an electronic signature under the federal E-SIGN Act (15 U.S.C. § 7001) and New Mexico's Uniform Electronic Transactions Act. The packet, document hashes, and these evidence fields are written to an append-only audit table.
- Booking lifecycle audit (1:1 Coaching scheduling). When you book, reschedule, or cancel a 1:1 coaching session through your access link, we record the action, the actor (client / owner / system), the timestamp, and the IP address and user-agent the action originated from. We use this only to resolve scheduling disputes (for example, whether a cancellation occurred inside the 24-hour notice window). It is not used for marketing or profiling.
2.4 Information from service providers
When commerce and account features go live, we receive limited information from our processors (Stripe, Supabase, Resend) in order to operate the Services — for example, charge confirmations from Stripe, authentication events from Supabase, and email-delivery status from Resend. We do not buy or rent personal information from data brokers.
2.5 Sensitive information
We do not knowingly collect government identifiers, biometrics, precise geolocation, or other categories of "sensitive personal information" defined by U.S. state law or "special category data" defined by the GDPR. If you voluntarily disclose health information in the context of coaching (see Section 2.1), we treat it with the same confidentiality as any other coaching communication.
3. How we use your information
We use personal information to:
- respond to the intro-call form and schedule the conversation;
- deliver one-to-one Coaching, Self-Guided Programs, and Membership (when those Services involve you);
- create and maintain your account and process your purchases (when those Services are live);
- send transactional messages (account, billing, scheduling, and coaching-related);
- run and improve the Site — security, reliability, abuse prevention, and (with your opt-in) aggregated usage analytics;
- comply with law, enforce our Terms, and protect the rights and safety of our users, our business, and the public.
What we do not do. We do not sell your personal information. We do not share it with third parties for their own advertising or marketing. We do not embed third-party advertising or social-tracking pixels on the Site. We do not use your coaching communications or photos/videos to train artificial-intelligence models.
4. Legal basis (EU/UK/Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6 GDPR:
- Contract (Art. 6(1)(b)): to deliver Coaching, Programs, or Membership you have requested or purchased, and to take pre-contractual steps you ask for (including responding to your intro-call form).
- Legitimate interests (Art. 6(1)(f)): running the Site securely, preventing abuse, and (where permitted without consent) understanding aggregate Site performance.
- Consent (Art. 6(1)(a)): non-essential cookies, analytics, and any optional marketing communications. You can withdraw consent at any time through the cookie preferences manager or by emailing us.
- Legal obligation (Art. 6(1)(c)): keeping records required by tax, accounting, and consumer-protection law.
5. Who we share information with
We share personal information only with the service providers we use to operate the Services, and only to the extent each provider needs to perform its function. We do not sell your personal information.
- Vercel, Inc. — hosting and edge delivery. Receives request metadata (IP, user-agent, URL, timestamps) for every page view.
- Resend (Resend.com, Inc.) — transactional email delivery. Will receive your email address and the contents of any messages we send you through the Site once email delivery is wired in.
- Supabase, Inc. — authentication and data storage. Will receive your account credentials (email and hashed password) and any data you create in your account once the member portal is live.
- Stripe, Inc. — payment processing. Will receive the information needed to charge your payment method (card details, billing email, billing address) once commerce is live. Stripe is the data processor for card data; we receive only a charge confirmation and limited metadata.
We may also disclose information when required by law (for example, in response to a valid subpoena, court order, or government request), when needed to enforce our Terms, or when needed to protect the rights, property, or safety of any person. In the event of a merger, acquisition, or sale of business assets, personal information may be transferred as part of that transaction; we will give notice before any such transfer that materially changes how your information is handled.
6. International data transfers
We operate in the United States. Vercel, Resend, Supabase, and Stripe are U.S. companies and process data in the United States and other jurisdictions where they operate. If you are in the European Economic Area, the United Kingdom, or Switzerland, your personal information will be transferred to the U.S. and other countries that may not offer the same level of data-protection law.
Where required, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses and equivalent UK/Swiss mechanisms, supplemented by the security measures described in Section 8.
7. How long we keep information
We keep personal information only as long as we need it for the purposes described in this Policy, or for as long as law requires us to.
- Intro-call submissions: up to 24 months after the conversation, or sooner if you ask us to delete the record.
- Account information: for as long as your account is active, plus a reasonable period after closure for tax, accounting, and dispute purposes (generally up to 7 years).
- Purchase records: retained for the period required by tax and accounting law (generally up to 7 years).
- Coaching communications (messages and text exchanges): for the duration of the engagement, plus up to 24 months afterward.
- Coaching photos and videos (form review, progress footage, movement assessments): kept only as long as needed for the active coaching purpose — generally up to 12 months after the engagement ends, unless you separately consent to longer retention or to specific use (for example, an approved testimonial). You can request deletion at any time by emailing privacy@demitrydavidson.com.
- Electronic-signature evidence (Section 2.3): retained alongside the signed packet for the statute-of-limitations period applicable to claims arising from the coaching engagement (generally up to 7 years), so the signed record remains enforceable. This is a legal-record-retention obligation; we cannot shorten it on request for the duration of that window.
- Booking lifecycle audit rows (Section 2.3): retained for 24 months after the affected session occurred, then deleted, unless a dispute is open at that time.
- Server and request logs: generally up to 30 days, subject to our hosting provider's retention.
- Cookie-consent record: stored on your device until you clear it or it expires (see the Cookie Policy).
8. Security
We protect personal information with reasonable administrative, technical, and physical safeguards appropriate to the type of information we hold — including encrypted transport (HTTPS), encrypted-at-rest storage at our providers, hashed passwords, access controls, and limited internal access on a need-to-know basis.
No system is perfectly secure. We work to keep your information safe, and we will notify you in accordance with applicable breach-notification law if we ever experience a security incident affecting your personal information.
9. Cookies and similar technologies
We use a small set of cookies and similar storage to operate the Site, remember your preferences, and (with your opt-in) measure aggregate usage. We do not use cookies for cross-site tracking or third-party advertising.
The full cookie inventory, category definitions, durations, and the preference manager live on our Cookie Policy page. You can change or withdraw consent at any time.
10. Your privacy rights
Depending on where you live, you may have the rights described below. To exercise any of them, email privacy@demitrydavidson.com from the address associated with your account or request. We will verify your identity before acting on a request and will respond within the time frame required by applicable law (generally within 30–45 days). We will not discriminate against you for exercising any of these rights.
10.1 Everyone
- Access — ask what personal information we hold about you.
- Correction — ask us to fix inaccurate or incomplete information.
- Deletion — ask us to delete information, subject to legal retention requirements.
- Withdraw consent — for anything we do on the basis of your consent (cookies, optional marketing), withdraw it at any time.
10.2 California residents (CCPA/CPRA)
California residents have the right to know the categories and specific pieces of personal information we have collected; the sources and business purposes; the categories of third parties with whom we share it; the right to delete; the right to correct; the right to opt out of "sale" or "sharing" (we do not sell or share personal information as those terms are defined); and the right to limit the use of sensitive personal information (we do not use sensitive personal information for any purpose beyond delivering the Service you requested). You may also designate an authorized agent to make a request on your behalf.
For purposes of the CCPA categories: in the past twelve months we have collected Identifiers (name, email, and — only in the evidentiary flows described in Section 2.3 — IP address), Internet/network activity (request logs at the Vercel edge as described in Section 2.2, consented analytics), and, if you share them with us in coaching, Customer records and any health-related information you choose to disclose. Sources are: directly from you, and automatically from your device. Business purposes are described in Section 3. Categories of recipients are listed in Section 5.
10.3 EU, UK, and Switzerland residents (GDPR / UK GDPR)
You have the right of access, rectification, erasure, restriction of processing, portability, and objection, consistent with Articles 15–22 of the GDPR. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing that happened before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.
10.4 Other U.S. states
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have rights of access, deletion, correction, portability, and opt-out of targeted advertising, sale, and certain profiling. We do not engage in targeted advertising or sales of personal information. To exercise your rights, contact us using the email above.
11. Children
The Services are intended for adults. You must be at least 18 years old to use them (see Section 2 of our Terms). We do not knowingly collect personal information from anyone under 13, and we do not direct the Services to children. If you believe a child under 13 has provided us personal information, contact privacy@demitrydavidson.com and we will promptly delete it.
12. Do Not Track and Global Privacy Control
Because we do not engage in cross-site tracking or sell personal information, "Do Not Track" browser signals do not change the limited processing we perform. Where required by law, we honor recognized opt-out signals such as the Global Privacy Control (GPC) as a request to opt out of "sale" or "sharing" for California residents.
13. Marketing and email
We will only send marketing email if you opt in. Every marketing email includes an unsubscribe link, and you can opt out at any time by emailing privacy@demitrydavidson.com. Transactional messages — account, billing, scheduling, and coaching-related — are part of the Service and are not marketing.
14. Changes to this Policy
We may update this Policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify active account holders by email. Continued use of the Services after a change becomes effective constitutes acceptance of the updated Policy.
15. Contact us
Questions, requests, or complaints about privacy?
S2S LLC, doing business as Demitry Davidson
3126 Tess Ct NE
Rio Rancho, NM 87144
privacy@demitrydavidson.com
Our standing commitment
We don't sell your personal data. We don't share it with anyone outside the providers it takes to run the Services. We don't embed third-party advertising or social-tracking pixels on this site.
© 2026 S2S LLC. All rights reserved.