Privacy Policy
RunStudio ("we", "us", "our") provides software that boutique fitness studios use to manage member messaging, class bookings, and payments. This policy explains what personal data we process, why, and the choices you have. We act as the data processor on behalf of the studio that uses RunStudio (the data controller for its members' data); for staff accounts and the platform itself we are the controller.
1. Who we are
For any privacy question or request, contact us at patrickabcross@outlook.com.
2. Data we collect
- Staff accounts. When studio staff sign in with Google, we receive their name and email address to authenticate them and control access. We do not read Gmail, Calendar, or Contacts.
- Members. On behalf of the studio we process member details such as name, phone number, email, class bookings and attendance, and pass or membership status.
- WhatsApp messages. When a member messages the studio's WhatsApp Business number, or the studio replies, we process the content and metadata of those messages to deliver the conversation to the studio's inbox. WhatsApp messaging is provided through the WhatsApp Business Platform operated by Meta.
- Payments. Payments are processed by Stripe. We never see or store full card details — only tokenised customer, subscription, and payment identifiers returned by Stripe.
- Member mobile activity. If a member uses the studio's mobile app, we may process activity they log, including food and calorie entries they choose to record.
- Technical data. A session cookie keeps staff signed in. We keep operational logs needed to run and secure the service.
3. How we use data
- To deliver the core service: showing member conversations, managing the schedule and bookings, and recording passes and payments.
- To send WhatsApp messages a studio initiates, subject to member opt-in and Meta's messaging rules (including the requirement to use approved message templates outside the 24-hour customer-service window).
- To process payments and keep membership and pass records accurate.
- To secure, maintain, and improve the service and to comply with our legal obligations.
We do not sell personal data, and we do not use member messages for advertising.
4. WhatsApp and Meta
Messaging features rely on the WhatsApp Business Platform. When you interact with a studio over WhatsApp, your message is also processed by Meta under WhatsApp's own privacy policy. Members must opt in to receive WhatsApp messages from the studio and can opt out at any time by telling the studio or replying to stop messages.
5. Sharing and processors
We share data only with service providers that help us run RunStudio, under contracts that require them to protect it:
- Meta / WhatsApp — message delivery.
- Stripe — payment processing.
- Neon — managed database hosting.
- Vercel and Fly.io — application and webhook hosting.
- Google — staff sign-in.
We may also disclose data if required by law or to protect our rights, users, or the public.
6. Retention
We keep personal data for as long as the studio's account is active and as needed to provide the service, then delete or anonymise it within a reasonable period, unless a longer period is required by law (for example, financial records). Studios can request deletion of member data on a member's behalf.
7. Security
We use industry-standard measures to protect data, including encryption in transit and encryption at rest for stored secrets. Card data is handled entirely by Stripe (a PCI-DSS Level 1 provider) and never stored on our systems.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict the processing of your personal data, and to object or request portability. To exercise these rights, contact us at patrickabcross@outlook.com or the studio you interact with. If you reached us through a studio, we will work with that studio to handle your request.
9. Children
RunStudio is not directed to children under 16, and we do not knowingly collect their personal data.
10. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice.
11. Contact
Questions about this policy or our handling of your data? Email patrickabcross@outlook.com.