Privacy Policy

1. Introduction

FullClass ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our Service, and the choices you have with respect to your information.

This policy is designed to comply with applicable privacy laws in the jurisdictions where we operate, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and the California Consumer Privacy Act (CCPA/CPRA) for California residents. Where a specific section applies only to users in a particular jurisdiction, that is noted.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Privacy Officer

We have designated a Privacy Officer who is responsible for overseeing our compliance with applicable privacy laws. For all privacy-related inquiries, requests, or complaints, please contact our Privacy Officer at:

Privacy Officer
FullClass
Email: [email protected]

We will acknowledge receipt of your inquiry within 5 business days and respond substantively within 30 days, or within the timeframe required by applicable law.

3. Information We Collect

3.1 Information You Provide

We collect personal information that you voluntarily provide when registering for or using the Service, including:

• Identity information: name, business name
• Contact information: email address, phone number, postal address
• Payment information: billing address (full payment card numbers are processed directly by Stripe and are never stored by us; see Section 5)
• Account credentials: username and password
• Customer data: information about your business's clients that you upload or enter into the platform
• Communications: messages you send to our support team

3.2 Information Collected Automatically

When you access and use the Service, we automatically collect:

• Log data: IP address, browser type and version, pages visited, time and date of visits, time spent on pages
• Device information: device type, operating system
• Usage data: features used, actions taken within the platform
• Cookies and similar tracking technologies (see Section 10)

3.3 Sensitive Information

The Service is designed for fitness and wellness businesses. We do not intentionally collect sensitive health or medical information about you. However, if you or your business clients voluntarily provide health-related information (e.g. injury notes, fitness goals) through the platform, you acknowledge that such information may be stored and processed in accordance with this Privacy Policy. We recommend businesses implement their own privacy notice for client data collected through the platform.

4. How We Use Your Information

We use the information we collect only for the purposes for which it was collected, or as otherwise permitted by law. Specifically, we use your information to:

• Provide the Service: to operate, maintain, and deliver the features and functionality of the Service
• Billing and payments: to process your subscription payments and manage your account
• Communications: to send you transactional emails, technical notices, security alerts, and support messages
• Improvement: to monitor and analyze usage patterns and trends to improve the Service
• Security and fraud prevention: to detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activity
• Legal compliance: to comply with our legal obligations and enforce our agreements
• Marketing (where consented): to send promotional communications where you have provided express consent. You may withdraw consent and opt out at any time by clicking "Unsubscribe" in any marketing email or contacting us at [email protected]

We do not use your personal information for automated decision-making that produces legal or similarly significant effects without human review.

5. Payment Information

Your subscription payments to us. We use Stripe, Inc. to process the subscription fees you pay for access to the platform. Your full credit or debit card number is transmitted directly to Stripe and is never stored on our servers. We store only a tokenized reference provided by Stripe and the card brand and last four digits for display in your billing settings. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.

Payments you collect from your own customers. When you connect a payment provider — Stripe, Square, or PayPal — to take bookings and other payments from your customers through the platform, those payments are processed by the provider you connect, under its own privacy policy and terms. Your customers' full card numbers are transmitted directly to that provider and are never stored on our servers; we retain only non-sensitive transaction metadata (such as the card brand, last four digits, and a provider reference) needed to display, reconcile, and report on bookings. Square's and PayPal's handling of payment data is governed by the Square Privacy Policy and the PayPal Privacy Statement respectively.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We do not share your personal information with third parties for their own marketing purposes. We may share your information only in the following limited circumstances:

• Service providers: with trusted third-party vendors who perform services on our behalf (such as payment processing, cloud hosting, email delivery, and analytics), who are bound by confidentiality obligations and may only use your data to provide services to us
• Legal requirements: where required by law, court order, or regulatory authority
• Protection of rights: where we believe disclosure is necessary to protect the rights, property, or safety of FullClass, our users, or the public
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, provided the acquiring party agrees to honor this Privacy Policy
• With your consent: in any other circumstances with your explicit prior consent

7. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), access controls, and regular security reviews.

Despite our efforts, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at [email protected].

8. Data Breach Notification

In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and any applicable regulatory authority as required by law. For Canadian users, this includes notification to the Office of the Privacy Commissioner of Canada under PIPEDA, and to the Commission d'accès à l'information (CAI) under Quebec Law 25. For US users, we will comply with applicable state breach notification laws.

Notification will be provided in a timely manner by email or through our platform, and will include the nature of the breach, the type of information involved, and steps you can take to protect yourself.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. In practice:

• Account and profile data is retained for the duration of your subscription plus 30 days after account closure (to allow for reactivation), after which it is deleted or anonymized
• Accounts that remain inactive for more than 12 months (no logins, bookings, or other activity) may be deleted at our discretion, with prior email notice where practicable, even if the account was not formally closed
• Billing and transaction records are retained for 7 years to comply with financial record-keeping and tax obligations
• Security logs (including IP addresses) are retained for up to 12 months
• Backup copies may be retained for up to 90 days after deletion from active systems

When data is no longer required, we will securely delete or anonymize it. You may request earlier deletion of your personal data subject to our legal retention obligations (see Section 11).

10. Cookies

We use cookies and similar tracking technologies (such as session tokens) to operate the Service and enhance your experience. Specifically, we use:

• Strictly necessary cookies: required for the Service to function (e.g. session management, CSRF protection). These cannot be disabled.
• Third-party analytics and advertising cookies (where a business enables them): a business can choose to connect a third-party analytics or advertising integration (such as Google Analytics or Google Ads) to its own public booking page. Where enabled, that provider may set cookies on visitors' devices to measure usage and conversions. These cookies are controlled by the business that enabled the integration and by the third-party provider, not by the FullClass admin application, and may be disabled via your browser settings.

The FullClass admin application itself sets only strictly necessary cookies; it does not set analytics or advertising cookies. You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may prevent you from using the Service.

11. Your Privacy Rights

Subject to applicable law, you have the following rights regarding your personal information. To exercise any of these rights, contact our Privacy Officer at [email protected]. We will respond within 30 days, or within the timeframe required by applicable law.

• Access: request a copy of the personal information we hold about you
• Correction: request correction of inaccurate or incomplete information
• Deletion: request deletion of your personal information, subject to legal retention requirements
• Portability: receive your personal data in a structured, machine-readable format
• Withdrawal of consent: withdraw consent to processing at any time, without affecting the lawfulness of prior processing
• Objection: object to processing based on legitimate interests or for direct marketing purposes

Additional rights for Canadian users (PIPEDA and provincial laws)

You have the right to access your personal information and to challenge our compliance with PIPEDA by contacting the Office of the Privacy Commissioner of Canada at www.priv.gc.ca. Quebec residents have additional rights under Law 25, including the right to de-indexing (removal from search results) and automated decision-making review, and may lodge complaints with the Commission d'accès à l'information at www.cai.gouv.qc.ca.

Additional rights for California residents (CCPA/CPRA)

California residents have the following additional rights under the CCPA/CPRA:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, our business or commercial purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: request deletion of your personal information, subject to certain exceptions
• Right to Correct: request correction of inaccurate personal information
• Right to Opt Out of Sale or Sharing: we do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
• Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond what is necessary to provide the Service
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at [email protected]. We will verify your identity before processing your request and will respond within 45 days (extendable by a further 45 days with notice).

Additional rights for US residents in other states

Residents of Virginia, Colorado, Connecticut, Texas, and other US states with applicable privacy laws may have similar rights to access, correct, delete, and port their personal data, and to opt out of certain processing. Contact us at [email protected] to exercise these rights.

We will not charge a fee for reasonable requests. We may need to verify your identity before fulfilling your request. If we deny your request, we will explain why and, where applicable, provide information about how to appeal our decision.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Australia, Canada, and the United States, where our servers and service providers are located. These countries may have different data protection laws than your own jurisdiction. Where we transfer personal data internationally, we take appropriate steps to ensure that your information is protected in a manner consistent with this Privacy Policy and applicable law.

13. Children's Privacy

The Service is directed to businesses and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has provided us with personal information, please contact us at [email protected] and we will take steps to delete that information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or by prominently posting a notice within the Service at least 30 days before changes take effect (or as otherwise required by applicable law). The "Last updated" date at the top of this page indicates when this policy was last revised. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

15. Contact Us

For all privacy-related questions, requests, or complaints, please contact our Privacy Officer at [email protected]. General support inquiries can be directed to [email protected].