Privacy Policy

Pilate ("Pilate," "we," "us") provides a studio operating system for Pilates businesses. This Privacy Policy explains what information we collect when studios, instructors, and clients use our platform, and how that information is handled.

When you create an account or use the product, we collect the information you give us directly:

• Account data: name, email address, role, and the studio you belong to.
• Studio operations data: classes, schedules, instructor assignments, equipment, packages, and bookings you create inside the product.
• Client data uploaded by studios: client profile details, attendance, notes, and waitlist activity that studios choose to track.
• Usage data: pages visited, features used, and interactions with the AI agent. We use this to improve the product and surface relevant guidance.
• Device and log data: IP address, browser, and timestamps for security and abuse prevention.

We use the information described above to:

• Operate the scheduling, client, and equipment tools you rely on.
• Power the AI agent that proposes actions inside your studio.
• Send transactional messages — class reminders, booking confirmations, and account notifications.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell personal information. We do not use studio or client data to train third-party AI models without explicit permission.

We share information only in these limited situations:

• With your studio: if you are an instructor or client, the studio that owns the account can see your activity in the product.
• Service providers: infrastructure, email delivery, analytics, and AI providers that process data on our behalf under confidentiality and data-processing agreements.
• Legal and safety: when required by law, to protect users, or to enforce our terms.
• Business transfers: in the event of a merger, acquisition, or sale of assets, with notice to affected accounts.

We retain account and operations data for as long as your studio uses Pilate. When an account is deleted, we remove or anonymize associated data within 90 days, except where retention is required for legal, accounting, or security reasons.

Depending on where you live, you may have the right to access, correct, export, or delete personal information we hold about you, and to object to certain processing. Studio owners can manage most of this directly inside the product. For everything else, contact us at privacy@pilate.app.

If your account exists because a studio added you, requests to delete that data should generally be made to the studio first; we will assist where we can.

We use encryption in transit, scoped database access, audit logging, and regular review of our infrastructure. No system is perfectly secure, so we encourage strong passwords and prompt reporting of any suspected compromise.

Pilate is hosted in the United States. If you access the product from outside the U.S., your information will be transferred to and processed in the U.S. under appropriate safeguards.

Pilate is not directed to children under 13. If a studio enrolls a minor, the studio is responsible for collecting any consent required by law and for managing that profile.

We may update this Privacy Policy from time to time. Material changes will be highlighted in-product or by email before they take effect. Continued use of Pilate after the effective date means you accept the revised policy.