Privacy Policy

Effective Date: June 18, 2026

Chronix Hub (“we”, “us”, “our”) is committed to protecting the privacy of studio operators, their staff, and their clients. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy should be read alongside our Terms of Service.

1. Information We Collect

Information You Provide

  • Account information: name, email address, phone number, business name, and address.
  • Billing information: the business and contact details needed to invoice you, such as business name, billing address, and any tax or VAT identifiers. We do not collect or store payment card numbers.
  • Business data: class schedules, client and member records, staff information, booking history, payroll data, invoices, and point-of-sale records.
  • Communications: messages you send to us via email or support channels.

Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, and timestamps.
  • Device information: IP address, browser type and version, operating system, and screen resolution.
  • Cookies and similar technologies: see Section 5 for details.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service.
  • Invoice you and manage your subscription.
  • Send transactional emails (account confirmations, invoices and receipts, service updates).
  • Provide customer support and respond to enquiries.
  • Detect, prevent, and address fraud and security issues.
  • Analyse usage patterns to improve the Service (using aggregated, anonymised data).
  • Comply with legal obligations.

We do not sell your personal data. We do not use your data for advertising.

3. Data Sharing & Third Parties

We only share your data with trusted third-party providers (sub-processors) that are necessary to operate the Service:

  • Payment providers: we do not currently use a third-party card processor. If we introduce one in the future (for example, Whish), it will receive only the information needed to process your payment, and we will update this policy beforehand.
  • Supabase: database hosting and authentication.
  • Vercel: application hosting, performance monitoring, and privacy-friendly usage analytics (Vercel Analytics and Speed Insights).
  • Sentry: error monitoring and application stability (may capture diagnostic error context, including IP addresses).
  • Resend: delivery of our transactional and notification emails (such as confirmations, reminders, and receipts), which requires sharing recipient names and email addresses.
  • WhatsApp (Meta): where a studio enables WhatsApp notifications, we send the message content and the recipient’s phone number and name to WhatsApp / Meta in order to deliver those messages.
  • Google Analytics: anonymised usage analytics to improve the Service.
  • Law enforcement: when required by law, court order, or governmental regulation.

We do not sell, rent, or trade your personal data to data brokers or any other third parties.

4. Security

We take the security of your data seriously and implement industry-standard safeguards:

  • Encryption in transit: data transmitted between your browser and our servers is protected using industry-standard transport encryption (TLS).
  • Encryption at rest: data stored in our databases is encrypted by our infrastructure providers.
  • Access control: role-based access control limits production data access to authorised personnel only.
  • Payment data: we do not process card payments or store card numbers. Subscription fees are invoiced and paid offline, so no cardholder data is held on our systems.
  • Ongoing maintenance: we aim to keep our software, dependencies, and infrastructure up to date and apply security patches as they become available.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Cookies & Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies

Required for the Service to function. These include session cookies and authentication tokens. You cannot opt out of essential cookies as the Service will not function without them.

Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. This data is anonymised and used to improve the Service. Google Analytics uses cookies to collect information about your browsing behaviour.

Performance Monitoring

We use Vercel Speed Insights and Vercel Analytics to monitor page load times, performance, and aggregate usage. This data is collected anonymously and is not used to track individuals across other websites.

We do not use advertising or targeting cookies.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling essential cookies may prevent you from using certain features of the Service.

6. Data Retention

  • Active accounts: your data is retained for as long as your Account is active.
  • After cancellation: you have 30 days to request and download a data export.
  • Deletion: primary account data is deleted within 90 days of Account closure.
  • Backups: backup copies are purged within 180 days of Account closure.
  • Anonymised data: aggregated, anonymised data that cannot identify you may be retained indefinitely for analytical purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data.
  • Data portability: request your data in a structured, machine-readable format (JSON or CSV export).
  • Objection: object to the processing of your personal data in certain circumstances.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at info@chronixhub.com. We will respond within 30 days. If you are a client or member of a studio that uses Chronix Hub, please contact that studio directly, as they control your data and we act on their instructions.

8. GDPR Compliance

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies:

  • Our role (controller and processor): Chronix Hub is the data controller for the account and billing data of Subscribers and their staff. For the client, member, and business data that a Subscriber uploads into the Service, Chronix Hub acts as a data processor and processes that data only on the Subscriber’s instructions — the Subscriber is the controller of that data.
  • Legal bases for processing: we process your data under the following legal bases:
    • Contract performance: processing necessary to provide the Service you subscribed to.
    • Legitimate interests: improving the Service, preventing fraud, and ensuring security.
    • Consent: where you have given explicit consent (e.g., marketing communications).
  • Right to complain: you have the right to lodge a complaint with your local data protection supervisory authority.

9. CCPA / California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know: what personal information we collect, use, and disclose about you.
  • Right to delete: request deletion of your personal information.
  • Right to opt-out: opt out of the sale of your personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

We do not sell personal information. If you wish to exercise any of these rights, contact us at info@chronixhub.com.

10. International Data Transfers

Your data may be processed and stored in countries outside your own, including the United States, where our infrastructure and service providers (Supabase, Vercel, Sentry, Resend, and — where a studio enables WhatsApp — Meta) operate. When data is transferred internationally, we rely on the safeguards offered by our service providers, including standard contractual clauses and data processing agreements where available.

11. Children’s Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately and we will take steps to delete it.

12. Changes to This Policy & Contact

Policy Updates

We may update this Privacy Policy from time to time. When we make material changes, we will notify you at least 30 days in advance by email. The “Effective Date” at the top of this page will be updated accordingly.

Contact Us

If you have questions or concerns about this Privacy Policy or your personal data, contact the Chronix Hub Privacy Team at info@chronixhub.com.