Privacy Policy
A legal disclaimer
Effective Date: September 1st, 2025
This Privacy Policy explains how Noble Pilates ("Noble Pilates," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use our website, booking tools, communications, and related services (collectively, the "Services"). By using the Services, you consent to the practices described here.
Plain‑English summary (not a substitute for the full policy): We collect basic account, booking, and payment info; optional wellness/intake info you choose to share; and standard device/analytics data. We use it to run the studio—schedule sessions, process payments, communicate with you, and improve the website. We don’t sell your data.
1) Scope
This Policy applies to information we process through our website and associated booking and communication tools. It does not apply to third‑party websites or services that are not under our control, even if linked from our site.
2) Information We Collect
We collect the following categories of information:
A. You provide directly
- Account & Contact Info: name, email, phone number, password (hashed), and similar.
- Booking Details: session type (e.g., private mat/reformer or online), dates/times, preferences.
- Health/Wellness Intake (optional): brief information you voluntarily provide to tailor instruction (e.g., injuries, mobility considerations). Do not include sensitive medical details you would not want shared online.
- Communications: messages, testimonials, feedback, and support requests.
- Payment Info: processed by our payment provider (e.g., [[Stripe/Square]]). We do not store full card numbers.
B. Collected automatically
- Device/Usage Data: IP address, browser type, pages viewed, referring/exit pages, timestamps.
- Cookies & Similar Tech: see Section 9.
C. From third parties
- Scheduling Platform: booking confirmations, reschedules, attendance ([[Acuity/Calendly]]).
- Video Platform (for online sessions): meeting links and status ([[Zoom/Google Meet]]).
- Email/SMS Tools: delivery status, opens/clicks for transactional messages ([[Mailchimp/Klaviyo/Twilio]]).
3) How We Use Information
We use information to:
- Provide, operate, and maintain the Services (e.g., book sessions, send confirmations and reminders).
- Personalize sessions and support your goals (e.g., consider voluntary intake notes).
- Process payments and prevent fraud.
- Communicate with you (transactional notices, service updates; marketing only with your opt‑in).
- Monitor, analyze, and improve the Services (website performance, usability, new offerings).
- Comply with legal obligations and enforce our Terms of Service.
Legal bases for processing (EEA/UK users): Your consent; performance of a contract; our legitimate interests (e.g., running and improving the Services); compliance with legal obligations.
4) When We Disclose Information
We disclose information to:
- Service Providers/Processors who help us run the Services (hosting/CDN [[Squarespace/WordPress+Host]], scheduling [[Acuity/Calendly]], payments [[Stripe/Square]], communications [[Mailgun/Twilio]], analytics [[Plausible/Google Analytics]]). They may access information only to perform services for us and must protect it.
- Professional Advisors (lawyers, accountants) under confidentiality.
- Legal/Compliance when required by law, lawful requests, or to protect rights, safety, and security.
- Business Transfers in a merger, financing, or sale of assets; we’ll continue to protect your information and provide notice of any material change.
We do not sell personal information and we do not share it for cross‑context behavioral advertising as defined by the California Consumer Privacy Act (CCPA), as amended by the CPRA. If this changes, we will update this Policy and provide required opt‑out links.
5) Health Information & HIPAA Notice
We provide fitness and wellness instruction—not medical care—through the Services. Information you share for class suitability (e.g., “lower back sensitivity”) is used only to tailor instruction. We are not a HIPAA‑covered entity when providing sessions through this website. If a licensed healthcare service is offered separately (e.g., physical therapy), it will be governed by separate consent forms and privacy notices.
6) Your Privacy Choices
- Access/Update: You can request access to or correction of your info by contacting us (Section 13).
- Marketing Opt‑Out: Use the unsubscribe link in emails or reply STOP to SMS, or contact us.
- Cookies: Manage via your browser or see Section 9 for choices.
- Withdraw Consent (EEA/UK): Where processing is based on consent, you can withdraw it at any time.
7) Your Rights (Location‑Specific)
Your rights depend on your location. Subject to applicable law, you may have the right to access, delete, correct, port, or restrict processing of your personal information, and to object to certain processing.
California (CCPA/CPRA): You may request (1) access to categories/specific pieces of personal information, (2) deletion, (3) correction of inaccuracies, and (4) to limit use/disclosure of any sensitive personal information (which we do not use beyond permitted purposes). We do not sell or share personal information. We will not discriminate against you for exercising your rights.
EEA/UK: You may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.
Submit requests via Section 13. We may verify your identity and respond within the time required by law.
8) Data Retention
We retain information for as long as needed to provide the Services and for legitimate business or legal purposes. Typical retention: 24 months after your last interaction, unless a longer (or shorter) period is required by law or operational necessity (e.g., accounting, dispute resolution). We may anonymize data for research and analytics.
9) Cookies & Analytics
We use:
- Strictly Necessary Cookies to enable bookings, security, and core functionality.
- Functional Cookies (e.g., remembering preferences).
- Analytics to understand aggregate usage and improve the site.
You can manage cookies via browser settings. If we implement advertising or cross‑site tracking, we will update this Policy and provide opt‑out mechanisms.
10) Security
We use reasonable administrative, technical, and physical safeguards designed to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11) International Transfers
We operate in the United States and may transfer information to service providers in other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK.
12) Children’s Privacy
Our Services are not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it.
13) Contact Us
Questions or requests?
- Email: love@noblepilates.com
14) Changes to This Policy
We may update this Policy periodically. When we do, we will revise the "Effective Date" above and, if changes are material, provide additional notice as required. Your continued use of the Services after an update means you accept the revised Policy.
15) State‑Specific Notices (U.S.)
Notice at Collection (California): We collect identifiers (name, email, phone), commercial information (bookings, transactions), internet/usage data (device info, IP, pages visited), geolocation (coarse IP‑based), and professional information (as relevant to bookings). We use these for the purposes described in Sections 3–4. We do not sell or share personal information and do not use sensitive personal information for purposes requiring a "Limit Use" link.
Virginia/Colorado/Connecticut/Utah: We process personal data for the purposes in Section 3 and provide rights similar to those described above. We do not process personal data for targeted advertising or sell personal data as defined by these laws.
16) Third‑Party Details (Transparency)
We currently use (or may use) the following categories of processors; exact providers may change:
- Hosting/CDN: website hosting and security (e.g., [[Squarespace/WordPress+Host]]).
- Scheduling: booking, reminders, waitlists (e.g., [[Acuity/Calendly]]).
- Payments: card processing and antifraud (e.g., [[Stripe/Square]]).
- Comms: email/SMS delivery and logs (e.g., [[Mailgun/Twilio/Mailchimp]]).
- Video/Meetings: online session links and delivery (e.g., [[Zoom/Google Meet]]).
- Analytics: site performance and usage (e.g., [[Plausible/Google Analytics]]).
We will keep this list reasonably up‑to‑date; the current providers are available on request.