Privacy Policy

Your privacy is important to us

Last Updated: March 21, 2026

1. Introduction

Iron & Grace Fitness ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you visit our website (your-domain.com) or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our website and services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Account Information: Username, password, profile preferences
  • Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
  • Fitness Information: Health conditions, fitness goals, workout preferences, body measurements (when relevant to our services)
  • Communications: Messages, inquiries, feedback, and support requests
  • Marketing Preferences: Newsletter subscriptions, communication preferences

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages viewed, time spent on pages, links clicked, referring website
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Technologies: As described in our Cookie Policy below

2.3 Information from Third Parties

We may receive information about you from:

  • Social media platforms (if you connect your account)
  • Analytics providers
  • Marketing partners
  • Public databases and sources

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Processing membership registrations and class bookings
  • Providing fitness training, coaching, and nutrition services
  • Managing your account and membership
  • Processing payments and transactions
  • Communicating about your services and appointments

3.2 Communication

  • Responding to inquiries and support requests
  • Sending service updates and important notices
  • Providing newsletters and marketing communications (with your consent)
  • Conducting surveys and gathering feedback

3.3 Website Improvement

  • Analyzing website usage and performance
  • Improving user experience and functionality
  • Developing new features and services
  • Troubleshooting technical issues

3.4 Legal and Security

  • Complying with legal obligations
  • Protecting against fraud and security threats
  • Enforcing our terms and conditions
  • Resolving disputes

3.5 Marketing (With Consent)

  • Sending promotional offers and updates
  • Personalizing marketing content
  • Conducting targeted advertising

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Consent: You have given clear consent for specific purposes
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Processing is required by law
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights don't override these interests

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

5.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Collect anonymous usage statistics to improve our website
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Track your activity for personalized advertising (requires consent)

5.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit website functionality. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies
  • Clear cookies when you close your browser

6. Third-Party Services

We work with trusted third-party service providers who may access your data:

  • Payment Processors: Stripe, PayPal (for secure payment processing)
  • Email Services: Mailchimp, SendGrid (for email communications)
  • Analytics: Google Analytics (for website performance tracking)
  • Cloud Storage: AWS, Google Cloud (for data hosting)
  • CRM Systems: For customer relationship management
  • Booking Systems: For class and appointment scheduling

These providers are contractually bound to protect your data and use it only for specified purposes. We conduct due diligence to ensure they meet data protection standards.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

  • Service Providers: With vendors who perform services on our behalf
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • With Your Consent: When you explicitly authorize sharing
  • Emergency Situations: To protect health and safety

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Regular security assessments and updates
  • Access controls and authentication
  • Employee training on data protection
  • Regular backups and disaster recovery procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

9. Data Retention

We retain your personal information only as long as necessary:

  • Active Accounts: For the duration of your membership plus a reasonable period thereafter
  • Financial Records: As required by tax and accounting laws (typically 7 years)
  • Marketing Data: Until you withdraw consent or opt out
  • Legal Claims: For the statute of limitations period
  • Analytics Data: Aggregated data may be retained indefinitely for statistical purposes

When data is no longer needed, we securely delete or anonymize it.

10. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us using the information provided below.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

For users under 18, parental or guardian consent may be required for certain services.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Other legally approved transfer mechanisms

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

To exercise these rights, contact us at [email protected] or call us at the number provided below.

14. Marketing Communications

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in our emails
  • Updating your preferences in your account settings
  • Contacting us directly
  • Replying "STOP" to SMS messages

Note that opting out of marketing does not affect transactional or service-related communications.

15. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification to registered users
  • Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

16. Third-Party Links

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

17. Contact Information

For questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

Iron & Grace Fitness
Data Protection Officer
Email: [email protected]
Phone: +1 (555) 123-4567
Address: [Your Business Address]

Response Time: We aim to respond to all privacy inquiries within 30 days.

18. Data Protection Authority

If you are located in the EEA and have concerns about our data processing that we cannot resolve, you have the right to lodge a complaint with your local data protection supervisory authority.
