Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

We collect information you provide when using our services:

  • Account: Name, email address, and (if you sign in with Google) profile image. For magic-link sign-in we send a one-time code to your email; you may also register a passkey (fingerprint or device passcode) for faster sign-in.
  • Profile: Optional details such as full name, pronoun, phone number, experience level, Pilates goals, and special notes or health-related information you choose to share with instructors. Profile and instructor photos may be stored with our cloud storage provider.
  • Bookings and usage: Class bookings (classes, instructors, studios, times), purchase and payment history (including records synced from our payment processor), and credit or subscription status.
  • Messages: Content of direct messages and group chat messages you send through our in-app messaging system, along with read receipts and participation metadata.
  • Notifications and preferences: Your notification preferences (such as email notifications for class events) and, if you opt in to browser push notifications, the technical subscription data required to deliver them (push endpoint and encryption keys — not your browsing activity).
  • Technical and security data: Session cookies and similar technologies to keep you signed in and to improve security and site operation. We maintain anonymous sign-in logs — recording the method used, outcome, IP address, approximate location derived from the IP, and browser/device information — for security monitoring. These logs are not linked to individual user accounts.

2. How We Use Your Information

We use your information to create and manage your account; to provide sign-in (including magic link, passkey, and optional Google sign-in); to display and manage your schedule, bookings, and credits; to process purchases and subscriptions; to show instructor availability and profiles where relevant; to enable messaging between you, instructors, and support staff; to send you notifications about class events, messages, and account activity (via in-app alerts, email, or browser push based on your preferences); and to generate calendar files for your booked classes. We also maintain anonymous sign-in logs to monitor for unauthorized access patterns. Authorized staff may temporarily access your account view for support purposes. We do not sell your personal information to third parties.

3. Third-Party Services

We rely on trusted service providers to run our platform:

  • Payments: Stripe processes payments, checkouts, and (where applicable) subscriptions. Stripe's privacy policy applies to their handling of payment data.
  • Email: We use Resend to send sign-in links, class notifications, and other account-related emails. Your email address and message content are processed by Resend in accordance with their policies.
  • Real-time messaging: We use Ably to deliver chat messages and live notifications within the app. Message content passes through Ably's infrastructure in transit.
  • Sign-in: If you choose to sign in with Google, Google will receive and process data per their privacy policy. Passkey sign-in uses your device's built-in security (e.g., fingerprint or passcode); we do not receive your biometric data.
  • Image storage: Profile and studio photos are stored on Google Cloud Storage.
  • Hosting and infrastructure: Our app and databases are hosted by third-party providers (e.g., Vercel, Neon). Data is stored and processed in accordance with our agreements with those providers.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Sign-in is secured with industry-standard methods (including passkeys where supported). Payment data is handled by Stripe and not stored on our servers beyond what is needed to link purchases to your account. Real-time messages are encrypted in transit. Push notification subscriptions are stored securely and used only for delivering notifications you have opted into.

5. Data Retention

We retain your account and profile data for as long as your account is active. Booking history and purchase records are kept for accounting and legal compliance. Chat messages are retained while your account is active. Anonymous login logs (not linked to user accounts) are retained for security monitoring purposes. If your account is deactivated, we may retain certain data as required by law or for legitimate business purposes, after which it will be deleted or anonymized.

6. Your Rights

You may request access to, correction of, or deletion of your personal data. You may manage your notification preferences at any time through your account settings. You may also withdraw consent or object to certain processing where applicable. To exercise these rights or for any privacy-related questions, please contact us through our website or studio.

7. Contact

For questions about this Privacy Policy or our data practices, please contact us through our website or studio.