Skip to main content
Your first class is always complimentary — Book now

Legal

Privacy Policy

Last updated: May 14, 2026

1. Information We Collect

When you visit our site or book a class, we may collect:

  • Booking details: your name, email address, phone number, and any notes or intake answers you provide when reserving a class.
  • Payment information: processed and stored directly by Stripe — including via Apple Pay, Google Pay, Link, Cash App Pay, or Klarna if your browser/device supports them. We never see or store your full card number on our servers.
  • Class pack records: if you purchase a class pack, we store the pack type, credits purchased, credits remaining, and which classes you redeemed credits for.
  • Account-link tokens: when we email you a booking confirmation, we mint two short, signed tokens — one for cancelling a single class and one for your customer portal at /me. These tokens identify you to us without a password.
  • Calendar subscription tokens: if you subscribe to your class schedule from Apple Calendar, Google Calendar, or Outlook, we generate a per-customer iCal feed URL containing a token that lets us return your upcoming bookings. You can revoke it at any time by contacting us.
  • Usage data: standard request logs (browser type, IP, pages visited) for security and operational monitoring. We do not run ad-tracking or analytics pixels.

2. How We Use Your Information

  • To process class bookings, payments, and refunds
  • To send booking confirmations, cancellation notices, and operational emails (reminders, changes to your class)
  • To send SMS reminders to your phone number — only if you explicitly opt in by ticking the SMS-consent box on the booking form (currently disabled while we finalize carrier verification)
  • To populate the per-customer calendar feed at/api/cal/<token>.ics if you choose to subscribe
  • To recognize you on return visits via the magic-link portal at /me
  • To improve our website and service
  • To comply with legal obligations

3. Third-Party Services

We use the following third-party services to operate the studio:

  • Alera Booking (alerabooking.com): our booking and customer-management platform. Your booking and class-pack records are stored on Alera's infrastructure. Their privacy policy applies in addition to ours.
  • Stripe: for payment processing. Stripe handles all card and wallet (Apple Pay, Google Pay, Link, Cash App, Klarna) data directly. We receive only an anonymized reference (a payment intent id) plus the amount and last-four digits for receipts. See Stripe's privacy policy.
  • Resend: for transactional emails (booking confirmations, reminders, cancellations). Resend processes your email address solely to deliver the message.

4. Cookies and Local Storage

We use only the minimum cookies and browser storage needed for the site to work:

  • Locale preference cookie — remembers your chosen language for one year. You can change it at any time using the language switcher.
  • Session storage — temporarily caches your name and email if you start a booking, so you don't have to re-enter them on the same device. Cleared when you close the browser.

We do not use advertising, retargeting, or cross-site tracking cookies.

5. Data Security

All connections to our site and Alera's booking platform are encrypted with HTTPS. Cancel- and portal-link tokens are signed with HMAC and time-bounded so a leaked link expires. We limit internal access to personal data to the studio owner and platform-level support. No method of transmission over the internet is 100% secure, but we follow industry-standard practices.

6. Data Retention

We retain your booking history, payment receipts, and class-pack records for as long as you remain a customer. On request we can delete your client record; bookings tied to past payments may be retained in anonymized form for accounting and Stripe-reconciliation purposes.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request a copy of your data in a portable format
  • Request correction of inaccurate data
  • Request deletion of your data (subject to retention rules above)
  • Revoke your calendar-subscription token
  • Opt out of non-essential communications

To exercise any of these rights, email support@sculptpilatescompany.com.

8. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new version on this page and update the "Last updated" date above.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@sculptpilatescompany.com.