Privacy Policy
This policy explains how Muscle LAB collects, uses, and protects your personal data when you visit wearmusclelab.com or interact with us. We operate under Portuguese and EU law, including the General Data Protection Regulation (GDPR / RGPD).
1. Who We Are
Muscle LAB is a sole-trader apparel brand based in Porto, Portugal. For data protection purposes, we are the data controller for information collected through this website.
Contact: hi@wearmusclelab.com
2. What Data We Collect
We collect only what is necessary to operate the store and fulfil orders:
- Contact form: name, email, subject, order number (optional), and message.
- Orders: name, email, shipping address, and order details.
- Account / Ambassador login: email and an encrypted authentication token, stored in functional cookies and browser storage such as localStorage and sessionStorage. Authentication cookies may remain active for a limited period or until logout.
- Newsletter: email address, if you subscribe.
- Quiz: quiz results and related events may be stored locally in your browser and may also be stored on our servers to help provide the quiz experience, prevent abuse, and improve the service. No third-party marketing tracking is used.
- Language preference: stored locally in your browser.
- Cart: may be stored locally in your browser and may also be processed server-side for cart recovery or checkout preparation.
We do not use Google Analytics, Meta Pixel, TikTok Pixel, Hotjar, advertising cookies, or any third-party marketing pixels or remarketing tools.
3. How We Use Your Data
- To process and fulfil your orders.
- To respond to contact form enquiries.
- To send newsletter updates, only if you opted in.
- To manage ambassador and admin access.
- To help provide the quiz experience, prevent abuse, and improve the service.
- To comply with legal and tax obligations as required under Portuguese law.
4. Legal Basis for Processing
- Contract performance - processing your order.
- Legitimate interest - responding to enquiries, protecting accounts, providing the quiz experience, preventing abuse, and improving the service.
- Consent - newsletter subscription.
- Legal obligation - tax and accounting records.
5. Data Storage & Retention
Order and contact data is stored in our secure database (Supabase, hosted on EU infrastructure). We retain order records for 10 years as required by Portuguese fiscal law. Newsletter subscriptions are kept until you unsubscribe. Contact enquiries are deleted after 12 months unless an ongoing relationship requires otherwise.
6. Third Parties
We share data only where strictly necessary:
- Payment processor - to complete transactions (we do not store card data).
- Shipping providers - name and delivery address to fulfil orders.
- Supabase - our database provider, operating on EU servers.
- Netlify - our hosting provider.
We do not sell, rent, or trade your personal data.
7. Your Rights
Under GDPR you have the right to:
- Access the data we hold about you.
- Request correction of inaccurate data.
- Request erasure ("right to be forgotten"), subject to legal retention requirements.
- Object to processing or request restriction.
- Withdraw consent at any time (e.g. unsubscribe from newsletter).
- Lodge a complaint with the Portuguese data protection authority: CNPD - cnpd.pt.
To exercise any right, contact us at hi@wearmusclelab.com. We will respond within 30 days.
8. Cookies
We use functional cookies and browser storage such as localStorage and sessionStorage for login sessions, cart state, language preference, and quiz-related functionality. These technologies are used to operate the site and do not include advertising cookies or third-party marketing pixels.
9. Changes to This Policy
If we make material changes, we will update the date at the top of this page. Continued use of the site after changes constitutes acceptance.
