Privacy Policy

Effective Date: March 21, 2026

Chronix Hub (“we”, “us”, “our”) is committed to protecting the privacy of studio operators, their staff, and their clients. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy should be read alongside our Terms of Service.

1. Information We Collect

Information You Provide

  • Account information: name, email address, phone number, business name, and address.
  • Billing information: payment details are processed by our third-party payment processor. We only store the last four digits of your card number and billing address for record-keeping.
  • Business data: class schedules, client and member records, staff information, booking history, payroll data, invoices, and point-of-sale transactions.
  • Communications: messages you send to us via email or support channels.

Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, and timestamps.
  • Device information: IP address, browser type and version, operating system, and screen resolution.
  • Cookies and similar technologies: see Section 5 for details.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmations, billing receipts, service updates).
  • Provide customer support and respond to enquiries.
  • Detect, prevent, and address fraud and security issues.
  • Analyse usage patterns to improve the Service (using aggregated, anonymised data).
  • Comply with legal obligations.

We do not sell your personal data. We do not use your data for advertising.

3. Data Sharing & Third Parties

We only share your data with trusted third parties that are necessary to operate the Service:

  • Payment processor: PCI-DSS compliant third-party processor for secure payment handling.
  • Supabase: database hosting and authentication.
  • Vercel: application hosting and performance monitoring.
  • Sentry: error monitoring and application stability (may capture anonymised error context including IP addresses).
  • Google Analytics: anonymised usage analytics to improve the Service.
  • Law enforcement: when required by law, court order, or governmental regulation.

We do not sell, rent, or trade your personal data to data brokers or any other third parties.

4. Security

We take the security of your data seriously and implement industry-standard safeguards:

  • Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS 1.3.
  • Encryption at rest: data stored in our databases is encrypted using AES-256.
  • Access control: role-based access control limits production data access to authorised personnel only.
  • Payment security: our payment processor maintains PCI-DSS compliance. We never store full payment card numbers on our servers.
  • Regular reviews: we conduct periodic security reviews and apply patches promptly.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Cookies & Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies

Required for the Service to function. These include session cookies and authentication tokens. You cannot opt out of essential cookies as the Service will not function without them.

Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. This data is anonymised and used to improve the Service. Google Analytics uses cookies to collect information about your browsing behaviour.

Performance Monitoring

We use Vercel Speed Insights to monitor page load times and performance. This data is collected anonymously to help us optimise the user experience.

We do not use advertising or targeting cookies.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may prevent you from using certain features of the Service.

6. Data Retention

  • Active accounts: your data is retained for as long as your Account is active.
  • After cancellation: you have 30 days to request and download a data export.
  • Deletion: primary account data is deleted within 90 days of Account closure.
  • Backups: backup copies are purged within 180 days of Account closure.
  • Anonymised data: aggregated, anonymised data that cannot identify you may be retained indefinitely for analytical purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data.
  • Data portability: request your data in a structured, machine-readable format (JSON or CSV export).
  • Objection: object to the processing of your personal data in certain circumstances.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at info@chronixhub.com. We will respond within 30 days.

8. GDPR Compliance

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies:

  • Data controller: Chronix Hub is the data controller for personal data collected through the Service.
  • Legal bases for processing: we process your data under the following legal bases:
    • Contract performance: processing necessary to provide the Service you subscribed to.
    • Legitimate interests: improving the Service, preventing fraud, and ensuring security.
    • Consent: where you have given explicit consent (e.g., marketing communications).
  • Right to complain: you have the right to lodge a complaint with your local data protection supervisory authority.

9. CCPA / California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know: what personal information we collect, use, and disclose about you.
  • Right to delete: request deletion of your personal information.
  • Right to opt-out: opt out of the sale of your personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

We do not sell personal information. If you wish to exercise any of these rights, contact us at info@chronixhub.com.

10. International Data Transfers

Your data may be processed and stored in countries outside your own, including the United States, where our infrastructure providers (Supabase, Vercel, Sentry) operate. When data is transferred internationally, we ensure that appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our service providers.

11. Children’s Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately and we will take steps to delete it.

12. Changes to This Policy & Contact

Policy Updates

We may update this Privacy Policy from time to time. When we make material changes, we will notify you at least 30 days in advance by email. The “Effective Date” at the top of this page will be updated accordingly.

Contact Us

If you have questions or concerns about this Privacy Policy or your personal data, contact the Chronix Hub Privacy Team at info@chronixhub.com.