Privacy Policy

1. Introduction

Zenera Pilates Club ("we", "us", "our") provides a mobile booking and communications application (the "App"). By downloading, installing, or using the App, you agree to this Privacy Policy in full. If you do not agree, you must stop using the App immediately.

We reserve the right to update this policy at any time. Continued use of the App after any update constitutes acceptance of the revised policy. It is your responsibility to review this policy periodically.

2. Data We Collect

a) Account & Identity Data

• First and last name, email address
• Password (stored in encrypted form — never in plain text)

b) Booking & Service Data

• Services booked, appointment dates and times, booking history and status
• Notes or preferences related to your bookings

c) Communications

• Messages sent between you and the business through the App

d) Payment Records

• Transaction references and payment status for memberships or services. Payment processing is handled entirely by a regulated third-party payment provider. We do not store card numbers or full payment details.

e) Technical & Device Data

• Push notification token to deliver notifications to your device
• Device type and operating system (iOS / Android)
• App usage activity (features accessed, session timestamps)

3. How We Use Your Data

We use your data to:

• Create and manage your account
• Process and manage your bookings and memberships
• Send booking confirmations, reminders, and service updates by email and push notification
• Enable in-app messaging
• Process payments where applicable
• Maintain and improve the App
• Comply with applicable legal obligations
• Enforce our terms, protect our rights, and prevent fraud or abuse

4. Legal Bases for Processing (GDPR)

Where applicable, we process your data on the following legal bases:

• Contractual necessity — to provide the services you have requested
• Legitimate interests — to operate, maintain, and improve our services, and to protect our business
• Legal obligation — to comply with applicable laws and regulations
• Consent — where you have provided explicit consent (e.g. push notifications), which may be withdrawn at any time

5. Data Sharing

We do not sell your personal data. We may share your data with trusted service providers who assist in delivering the App (including cloud infrastructure, payment processing, notification delivery, and email delivery). All such providers are contractually required to handle data securely and only for the purposes we specify.

We may also disclose your data where required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, safety, or security of our business, users, or the public. We reserve the right to disclose your data without notice where we reasonably believe unlawful activity or a threat to safety is involved.

6. International Transfers

Your data may be processed in countries outside your country of residence, including outside the European Economic Area (EEA) or United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law. By using the App, you consent to such transfers.

7. Data Retention

We retain your data for as long as necessary to fulfil the purposes set out in this policy, including:

• Account data: until account deletion or 3 years of inactivity
• Booking records: up to 7 years (legal and accounting obligations)
• Payment records: up to 7 years (financial regulations)
• Messages: for the duration of your account
• Push tokens: deleted on logout or uninstall

We also reserve the right to retain data beyond these periods where necessary to resolve disputes, enforce agreements, or comply with legal obligations.

8. Your Rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data, subject to our right to retain data as described above
• Restrict or object to certain processing
• Receive your data in a portable format
• Withdraw consent at any time (e.g. disable push notifications in your device settings)
• California residents (CCPA): right to know what data is collected, right to opt out of sale (we do not sell data), and right to non-discrimination

To exercise your rights, contact us using the details in Section 12. We will respond within 30 days where required by law. We reserve the right to verify your identity before fulfilling any request and to decline requests that are manifestly unfounded, excessive, or repetitive.

9. Push Notifications

With your permission, we send push notifications for booking updates, reminders, and messages. You can withdraw permission at any time via your device settings (Settings → Notifications → [App Name]). Withdrawing permission does not affect prior processing and may limit certain App functionality.

10. Security

We implement industry-standard technical and organisational measures to protect your data. However, no method of transmission or storage is completely secure. We cannot guarantee the absolute security of your data, and you provide it at your own risk. We are not liable for any unauthorised access, breach, or loss that is beyond our reasonable control.

You are responsible for maintaining the confidentiality of your account credentials. We are not responsible for any loss or damage arising from your failure to keep your credentials secure or from unauthorised use of your account.

11. Limitation of Liability

To the fullest extent permitted by applicable law, we shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of, or inability to use, the App or any data collected through it.

We do not warrant that the App will be uninterrupted, error-free, or free from data loss. We reserve the right to suspend, modify, or discontinue the App or any part of it at any time without notice and without liability to you.

We reserve the right to suspend or terminate your account at any time if we believe you have violated our terms, misused the App, or if required by law, without liability or prior notice.

12. Children's Privacy

The App is not intended for use by children under 13 (or 16 where required by applicable law). We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly. We accept no liability for data submitted by or on behalf of minors without appropriate parental consent.

13. Governing Law

This Privacy Policy and any disputes arising from it shall be governed by and construed in accordance with the laws of England and Wales. You agree to submit to the exclusive jurisdiction of the courts of England and Wales in relation to any dispute arising from this policy or your use of the App.

14. Changes to This Policy

We reserve the right to update or replace this Privacy Policy at any time at our sole discretion. Where required, we will provide notice of material changes through the App or by email. Your continued use of the App following any changes constitutes your acceptance of the new policy. The date at the top of this page indicates when it was last revised.

15. Contact

For questions or requests relating to this Privacy Policy, contact us at: