Privacy Notice

Last updated: 2 July 2026

1. Who we are

This site is operated by Shape your body ("we", "us", "our"), a female-only Pilates studio offering hot mat and classic mat classes, events, and a members' community. We act as the data controller for personal data collected through this site and our services.

Contact: reach out via the community chat or the email address published on our booking pages.

2. Personal data we collect

  • Account data: name, email, phone number, password (hashed), profile photo, bio.
  • Booking & attendance data: classes and events you book, check-ins, membership tier, class credits, referral activity.
  • Community data: messages you post in group chat or direct messages, friend connections.
  • Device & usage data: IP address, browser, device identifiers, push notification tokens, log data.
  • Payment metadata: subscription and transaction identifiers returned by our payment processor (we do not store card details).

3. Why we use your data (legal basis)

  • To provide the service — bookings, memberships, community access (contract).
  • Security & fraud prevention — protect accounts and the studio (legitimate interests).
  • Communications — class reminders, booking confirmations, service updates (contract / legitimate interests).
  • Marketing push notifications — only after you opt in (consent).
  • Legal obligations — tax, accounting, safeguarding.

4. Who we share data with

  • Paddle.com Market Ltd — our Merchant of Record. Paddle handles all payments, subscription billing, tax compliance, invoicing and refunds, and is a recipient of the personal data required to process your purchase.
  • Hosting & backend providers — for running the app, database and authentication.
  • OneSignal — to deliver push notifications you have opted in to receive.
  • Professional advisers — accountants and legal advisers where necessary.
  • Authorities — where required by law.

We do not sell your personal data.

5. International transfers

Some of our providers process data outside the UK/EEA. Where that happens we rely on appropriate safeguards such as Standard Contractual Clauses or UK/EU adequacy decisions.

6. Retention

We keep your account and booking data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax and accounting obligations. Chat messages remain visible in the community until deleted by you or a moderator. When data is no longer needed it is deleted or anonymised.

7. Your rights

Depending on your location you may have the right to access, correct, delete, restrict or object to processing of your personal data, to portability, and to withdraw consent at any time. You also have the right to complain to your local data protection authority (in the UK, the ICO). To exercise any of these rights contact us and we will respond within one month.

8. Security

We use appropriate technical and organisational measures — including encryption in transit, hashed passwords, role-based access control and row-level security on our database — to protect your data. No system is 100% secure, so we also ask you to keep your password confidential.

9. Cookies & similar technologies

We use strictly necessary cookies and local storage to keep you signed in and remember your preferences. Our payment processor and push notification provider may set their own cookies when you interact with them. You can control cookies through your browser settings.

10. Changes

We may update this notice from time to time. Material changes will be communicated in-app or by email.