Stunningmuscle

Privacy Policy

Effective date:

This Privacy Policy describes how Stunningmuscle ("we," "us," or "our") collects, uses, stores, and protects personal information when you visit stunningmuscle.world, submit inquiries through our contact form, book fitness workshops, or otherwise interact with our services. We are committed to transparency and compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) where applicable, and other relevant data protection legislation.

1. Data Controller Information

The data controller responsible for your personal information is:

Stunningmuscle
2707 Folsom St
San Francisco, CA 94110
United States
Email: hello@stunningmuscle.world
Phone: +1 415-481-7287

For any privacy-related inquiries, data subject requests, or concerns about how your information is handled, please contact us using the details above. We will respond to verified requests within the timeframes required by applicable law, typically within thirty days for GDPR requests and forty-five days for CCPA requests.

2. Scope of This Policy

This policy applies to all personal data processed through our website, email communications, phone interactions, workshop registrations, and any related business activities conducted by Stunningmuscle. It does not apply to third-party websites or services that may be linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

Our website provides general informational content about no-equipment fitness workshops. We do not offer medical services, and any health-related information you voluntarily share with us is treated with heightened care but is not used for diagnostic or treatment purposes.

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

When you use our contact form, register for a workshop, request a personalized movement plan, or communicate with us by email or phone, we may collect:

  • Full name
  • Email address
  • Phone number (if provided)
  • Postal address or venue location for workshop delivery
  • Message content and inquiry details
  • Workshop preferences, group size, and scheduling requirements
  • GDPR consent confirmation and communication preferences

3.2 Information Collected Automatically

When you browse our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent preferences:

  • IP address (anonymized where possible for analytics)
  • Browser type and version
  • Operating system
  • Device type and screen resolution
  • Pages visited and time spent on each page
  • Referring URL and exit pages
  • Date and time of access

Details about cookies and tracking technologies are described in our Cookie Policy.

3.3 Information from Third Parties

We do not purchase personal data from data brokers. In limited circumstances, we may receive information from:

  • Corporate clients who register employees for team workshops (name and email only, with the client's authorization)
  • Payment processors confirming transaction completion (we do not store full payment card numbers)
  • Publicly available business directories when verifying venue addresses

4. Legal Bases for Processing (GDPR)

Under the GDPR, we process personal data only when a lawful basis applies. The bases we rely on include:

  • Consent (Article 6(1)(a)): When you submit our contact form, accept non-essential cookies, or opt in to marketing communications.
  • Contractual necessity (Article 6(1)(b)): When processing is required to fulfill a workshop booking, deliver agreed services, or respond to pre-contractual inquiries.
  • Legitimate interests (Article 6(1)(f)): For website security, fraud prevention, service improvement, and internal record-keeping, balanced against your rights and freedoms.
  • Legal obligation (Article 6(1)(c)): When retention or disclosure is required by tax, accounting, or other applicable laws.

5. Purposes of Data Usage

We use collected personal data exclusively for the following purposes:

  • Responding to inquiries submitted through our contact form or email
  • Processing workshop bookings and delivering educational fitness sessions
  • Creating and distributing personalized non-medical movement plans upon request
  • Sending transactional communications such as booking confirmations, schedule changes, and session summaries
  • Improving website content, usability, and performance through anonymized analytics (with consent)
  • Delivering marketing communications about workshops and programs (with explicit consent only)
  • Maintaining accurate business records for accounting and legal compliance
  • Protecting our website and services against unauthorized access, abuse, or security threats
  • Resolving disputes and enforcing our Terms of Use

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Contact form submissions: Retained for twenty-four months from the date of submission, then securely deleted unless an active business relationship exists.
  • Workshop booking records: Retained for seven years to comply with tax and accounting obligations in California.
  • Marketing consent records: Retained for the duration of consent plus three years for audit purposes.
  • Cookie consent preferences: Stored locally on your device until cleared or updated. Server-side logs retained for twelve months.
  • Analytics data: Aggregated and anonymized data may be retained indefinitely. Identifiable analytics data is deleted after fourteen months.
  • Email correspondence: Retained for three years from the last communication in the thread.

When retention periods expire, data is securely deleted or irreversibly anonymized using industry-standard methods.

7. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data. We share information only with trusted service providers who assist in operating our business, under strict data processing agreements:

  • Website hosting providers (server infrastructure within the United States)
  • Email delivery services for transactional and consent-based marketing messages
  • Payment processors for workshop fee collection (tokenized payment data only)
  • Analytics providers (only when you consent to analytics cookies)

All processors are contractually obligated to process data solely on our instructions, implement appropriate security measures, and comply with applicable data protection laws. A list of sub-processors is available upon request.

We may disclose personal data when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Stunningmuscle, our clients, or the public.

8. International Data Transfers

Our primary operations and data storage are located in the United States. If you access our website from the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, your data may be transferred to the U.S. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission where required, and we assess transfer risks regularly.

9. Security Measures

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all website communications
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security reviews of our hosting environment and application configurations
  • Secure deletion procedures for expired data
  • Staff training on data protection principles and incident response protocols
  • Password policies and multi-factor authentication for administrative systems

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of data breaches within seventy-two hours where required by GDPR.

10. Your Rights Under GDPR and Applicable Laws

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your data when no lawful basis for retention exists.
  • Right to restriction of processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with your local data protection authority.

California residents may additionally have rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at hello@stunningmuscle.world. We may request identity verification before processing your request.

11. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such data.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The effective date at the top of this page indicates when the current version took effect. Material changes will be communicated through a notice on our website. We encourage you to review this page regularly.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please reach out:

Stunningmuscle
2707 Folsom St, San Francisco, CA 94110
Email: hello@stunningmuscle.world
Phone: +1 415-481-7287