StudioTrack Privacy Policy

StudioTrack (“StudioTrack,” “we,” “us,” or “our”) provides a software-as-a-service platform that helps fitness and activity studios manage their operations, including class scheduling, memberships, payments, and communications. This Privacy Policy explains how we collect, use, disclose, and protect personal information.

This policy applies to two audiences:

• Studio Operators— the businesses and their staff who subscribe to StudioTrack to manage their studios.
• Studio Members— individuals (and parents/guardians of minors) who participate in classes, memberships, or programs offered by a Studio Operator using StudioTrack.

When a Studio Operator uses StudioTrack to manage information about its members, the Studio Operator is the “controller” of that information and StudioTrack acts as a “processor” or “service provider.” StudioTrack processes member data on behalf of, and under the instructions of, the Studio Operator.

1. Information We Collect

1.1 Information from Studio Operators

When you sign up for StudioTrack as a studio owner or staff member, we collect:

• Account information: name, email, phone, password, business name, business address.
• Billing information: payment card details (processed by Stripe), billing address, tax identifiers, subscription tier and history.
• Studio operations data: locations, classes, programs, schedules, instructors, pricing, waivers, and other content you create in the platform.
• Communications: support tickets, feedback, and correspondence with us.
• Technical data: IP address, browser type, device identifiers, log data, cookies, and usage analytics.

1.2 Information about Studio Members

Studio Operators use StudioTrack to manage information about their members. This information is provided either by the Studio Operator, by the member directly through forms or member portals, or by parents/guardians on behalf of minor members. It may include:

• Identity and contact: name, email, phone, address, date of birth, emergency contact.
• Membership data: enrollments, attendance, class history, program participation, waivers signed.
• Health information: health intake responses, allergies, injuries, or medical notes provided through waivers or intake forms.
• Payment information: payment cards (tokenized via Stripe), billing history.
• Family relationships: parent/guardian relationships to minor members.

1.3 Information Collected Automatically

When anyone uses StudioTrack, we automatically collect log data, device information, IP address, approximate location, browser type, pages viewed, and interaction events. We use cookies and similar technologies for authentication, security, preferences, and analytics. See Section 8 for cookie details.

2. How We Use Information

We use information to:

• Provide, operate, and maintain the StudioTrack platform.
• Process payments and subscriptions, including the 1% platform fee on transactions processed through Stripe Connect.
• Authenticate users, secure accounts, and detect fraud or abuse.
• Send transactional communications (account confirmations, receipts, password resets, service notices).
• Provide customer support and respond to inquiries.
• Improve, troubleshoot, and develop new features.
• Comply with legal obligations and enforce our Terms of Service.
• With consent where required, send marketing communications about StudioTrack (Studio Operators only).

We do not sell personal information. We do not use Studio Member data to train AI models without the Studio Operator’s explicit instruction.

3. Legal Bases for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:

• Contract: to provide the service to Studio Operators and to perform tasks requested by them.
• Legitimate interests:to secure the platform, prevent fraud, improve features, and operate our business — balanced against your rights.
• Consent: for marketing communications, non-essential cookies, and processing of health data where required.
• Legal obligation: to comply with applicable laws (tax, accounting, lawful requests).

For Studio Member data, the Studio Operator is the controller and is responsible for establishing the legal basis for processing. StudioTrack acts as the processor under a Data Processing Agreement.

4. How We Share Information

We share information only as described below.

• With Studio Operators: Member data is shared with the Studio Operator that collected it. Members should contact their Studio Operator directly with questions about how that operator uses their data.
• Service providers (subprocessors): we share data with vendors that support our service, including Supabase (database/auth), Stripe (payments), Resend (transactional email), Vercel (hosting), and analytics providers. A current list of subprocessors is available on request.
• Legal and safety: we may disclose information when required by law, subpoena, or court order, or to protect the rights, property, or safety of StudioTrack, our users, or the public.
• Business transfers: if StudioTrack is involved in a merger, acquisition, or sale of assets, information may be transferred. We will notify you of any change in ownership or control of personal information.
• With consent: we share information for any other purpose disclosed at the time of collection or with your consent.

We do not sell personal information and do not share it for cross-context behavioral advertising.

5. Data Retention

We retain personal information for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

• Studio Operator accounts: retained while the subscription is active. After cancellation, account data is retained for 90 days, then deleted or anonymized except where retention is required by law (e.g., tax records).
• Studio Member data:retained according to the Studio Operator’s instructions and retention settings. When a Studio Operator deletes a member or terminates its account, member data is deleted on the same schedule, subject to legal retention requirements.
• Backups: data may persist in encrypted backups for up to 30 days after deletion from active systems.
• Logs: security and audit logs are retained for up to 12 months.

6. Your Rights

6.1 GDPR Rights (EEA, UK, Switzerland)

You have the right to: access your data, correct inaccurate data, request deletion, restrict processing, data portability, object to processing, and withdraw consent. You also have the right to lodge a complaint with your supervisory authority.

6.2 CCPA/CPRA Rights (California)

California residents have the right to:

• Know what personal information we collect, use, disclose, and (if applicable) sell or share.
• Delete personal information we hold about you.
• Correct inaccurate personal information.
• Opt out of sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).
• Limit use of sensitive personal information.
• Non-discrimination for exercising your rights.

Categories of personal information collected and disclosed in the prior 12 months are described in Sections 1 and 4.

6.3 How to Exercise Your Rights

Studio Operators can manage most data through the platform settings or contact us at jason@studiotrack.io. Studio Members should contact their Studio Operator first, since the operator controls the data. If a Studio Operator does not respond, you may contact us and we will work with the operator to resolve the request. We may need to verify your identity before fulfilling a request.

7. Children’s Privacy (COPPA)

StudioTrack is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13.

Studio Operators commonly enroll minor members (including children under 13) and provide their information through the platform. In those cases:

• Parental consent: the Studio Operator is responsible for obtaining verifiable parental consent before collecting personal information from a child under 13, as required by COPPA.
• Limited collection:we collect only the information needed to support the studio’s services (e.g., enrollment, attendance, emergency contact).
• No marketing to children:we do not use children’s information for marketing or behavioral advertising and do not share it for those purposes.
• Parental rights:parents and guardians may review, correct, or request deletion of their child’s information by contacting the Studio Operator or us at jason@studiotrack.io.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Strictly necessary: authentication, session management, security, load balancing.
• Functional: remembering preferences and settings.
• Analytics: understanding usage patterns to improve the service.

Where required by law, we present a cookie banner allowing you to accept or reject non-essential cookies. You can also control cookies through your browser settings.

9. International Data Transfers

StudioTrack is operated from the United States, and our subprocessors may process data in the U.S. and other countries. When we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the UK Addendum.

10. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, and regular security reviews. Payment card data is handled by Stripe and is not stored on StudioTrack servers. No system is perfectly secure; we cannot guarantee absolute security.

If we become aware of a breach affecting your personal information, we will notify affected users and authorities as required by law.

11. Changes to This Policy

We may update this policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be communicated through the platform or by email. Continued use of StudioTrack after changes take effect constitutes acceptance.

12. Contact Us

Questions or requests regarding this Privacy Policy:

StudioTrack
Email: jason@studiotrack.io
Address: 2917 Texa Tonka Ave, Minneapolis, MN 55426

For EEA/UK residents, you may also lodge a complaint with your supervisory authority.