Privacy Policy

1. Introduction

FrontDesk ("we," "our," or "us"), operating from Saskatchewan, Canada, is a B2B SaaS platform designed to help boutique fitness studios in Canada and the United States manage their operations. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

By using FrontDesk, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name
• Password (encrypted and stored securely)
• Communication preferences

2.2 Operational Data

When you use our platform, we collect operational information you provide, including notes, tasks, equipment data, inventory, documents, and feedback surveys.

Important: Do not upload Sensitive Personal Information about your customers, such as government IDs, payment card data, precise home addresses, health/medical information, or biometric data. Limited contact information (e.g., customer email) may be collected only through features that explicitly request it (such as optional survey email fields).

2.3 Usage and Analytics Data

We automatically collect usage information, including IP addresses, activity logs, page views, device information, and performance metrics.

2.4 Payment Information

Payment processing is handled by Stripe. We store your Stripe Customer ID and subscription details, but we never store your credit card information directly. All payment data is processed and stored securely by Stripe in compliance with PCI DSS standards.

3. How We Use Your Information

We use your information to:

• Provide and maintain the FrontDesk platform
• Process your subscription payments and billing
• Improve our services through analytics and product insights
• Provide customer support and respond to inquiries
• Send important service updates and security notices
• Comply with legal obligations and enforce our Terms of Service

We do not sell, rent, or share your data with third parties for marketing purposes.Data is only shared with service providers necessary to operate the platform.

4. Third-Party Service Providers

We work with trusted third-party service providers to deliver our platform. Your data may be shared with the following services:

5. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services.

• Active Accounts: Your operational data (notes, shifts, bikes, supplies, etc.) is retained indefinitely while your account is active.
• Account Cancellation: If you cancel your subscription but do not delete your account, your data remains accessible indefinitely unless you request deletion.
• Account Deletion: When you explicitly delete your account, we use a "soft delete" approach by marking your account as deleted with a timestamp. Your data is no longer accessible through the platform and is permanently deleted within 30 days.
• Backup Data: Backup copies may be retained for up to 90 days for disaster recovery purposes.
• Legal Obligations: We may retain certain data longer if required by law or for legitimate business purposes (e.g., billing records, tax records, audit logs).

To request account deletion, please contact us at contact@getfrontdesk.io.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (HTTPS/TLS) for all data transmission
• Encryption at rest for database storage
• Secure password hashing via Supabase Auth
• Row-Level Security (RLS) policies in our database to ensure multi-tenant data isolation
• Regular security audits and updates
• Access controls and authentication for all API endpoints
• Activity logging for audit trails

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Export: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from email summaries and marketing communications
• Withdrawal of Consent: Withdraw consent for data processing where applicable

To exercise any of these rights, please contact us at contact@getfrontdesk.io. We will respond to your request within 30 days.

8. International Data Transfers

FrontDesk operates from Saskatchewan, Canada, and serves customers in Canada and the United States. Your data is processed and stored on US-based servers (Supabase, Vercel, OpenAI, Stripe, etc.). By using our services, you consent to the transfer of your data to the United States for processing and storage.

We ensure that all third-party service providers maintain adequate data protection standards and comply with applicable privacy regulations, including GDPR, PIPEDA (Canada), and CCPA (California).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, track analytics, and improve performance. You can control cookies through your browser settings, though disabling them may affect certain features.

10. Customer Feedback Surveys

Our platform allows studios to collect customer feedback via public survey links (QR codes). If you submit feedback as a customer:

• Your email address is optional but may be collected
• Ratings and comments are stored and visible to the studio
• AI sentiment analysis is applied to your feedback
• Your feedback is used to improve studio operations

If you have questions about how a specific studio uses your feedback, please contact the studio directly.

11. Children's Privacy

FrontDesk is a B2B platform intended for business use by fitness studio operators aged 18 and older. Account holders must be at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected such information, please contact us immediately at contact@getfrontdesk.io.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. The "Last Updated" date at the top of this policy indicates when it was last revised.

Your continued use of FrontDesk after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: