Privacy Policy

Effective Date: 1st May 2026
Website and Application: www.sotoned.com (and any associated mobile application or digital platform)

So Toned LLC (“So Toned,” “we,” “us,” or “our“) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard the information you provide to us or that we collect automatically when you access our website located at www.sotoned.com, any associated mobile application (the “App“), or when you visit our physical studio located at 13756 83rd Way N, Maple Grove, MN 55369 (collectively, the “Services“).

This Privacy Policy is incorporated by reference into and made a part of our Terms and Conditions of Service (the “Terms“). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein. If you do not agree with this Privacy Policy, you are prohibited from using the Services.

1. SCOPE AND CONSENT TO UPDATES

We reserve the right to modify this Privacy Policy at any time, in our sole discretion, to reflect changes in our operational practices or applicable legal requirements. In the event of material changes, we will provide notice through the Services, such as by posting a prominent notice on the Website or sending an email to the address associated with your Account. The date of the latest revision will be indicated by the “Effective Date” referenced above. Your continued use of the Services following the posting of changes constitutes your binding acceptance of the revised Privacy Policy.

2. CATEGORIES OF PERSONAL INFORMATION COLLECTED

For purposes of this Privacy Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We collect the following categories of Personal Information:

2.1 Information You Provide Directly to Us.

• Account and Registration Data: Full name, email address, mobile telephone number, date of birth, username, and encrypted password.
• Transactional and Billing Data: Billing address, membership tier selection, class credit history, and payment card details. Please note: Full payment card numbers are not stored or directly accessible by So Toned; they are transmitted directly to and processed by our third-party payment processors compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements.
• OTP Verification Data: In order to secure your Account and verify ownership of the contact method provided, we utilize a One-Time Passcode (“OTP“) verification process. During initial registration or when sensitive account changes are requested, a unique numeric code is sent via SMS text message to the mobile number provided, or via email to the address provided. We collect the metadata regarding the transmission (such as phone number, timestamp, and verification success/failure status) for security auditing and fraud prevention. We do not permanently store the content of the OTP code itself after the verification window has expired.
• Health and Safety Information: Information voluntarily disclosed by you to coaching staff regarding physical limitations, injuries, pregnancy status, or medical conditions that are reasonably necessary to ensure your safety during Lagree method workouts. This information may be documented in a client intake profile solely for the purpose of providing safe coaching modifications.
• Communications Content: Records of correspondence, feedback, support requests, or inquiries you submit via email, text, or through the Website.

2.2 Information Collected Automatically.

• Device and Usage Data: Internet Protocol (IP) address, browser type and version, device operating system, unique device identifiers, referring and exit pages, clickstream data, date and time stamps, and interaction metrics with the Website and App.
• Activity and Booking Data: Detailed logs of class reservations, cancellations, waitlist activity, attendance history, and no-show records. This data is essential for the enforcement of our Late Cancellation and No-Show policies as defined in the Terms.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to recognize your browser or device, maintain session integrity, analyze usage trends, and remember user preferences. For more information, please refer to Section 7 of this Policy.

2.3 Information from Third-Party Sources.

• Payment Processors: Confirmation of transaction authorization, fraud risk scores, and partial payment instrument identifiers (e.g., last four digits of card and expiration date).
• Analytics Providers: Aggregated demographic and interest data (e.g., Google Analytics signals) to better understand our client base in the Minnesota metro area.

2.4 Children’s Data. The Services are intended for individuals aged sixteen (16) years and older. We do not knowingly collect, solicit, or maintain Personal Information from any individual under the age of sixteen (16). In the event we become aware that we have inadvertently collected Personal Information from a minor under sixteen without verified parental consent, we will take immediate steps to delete such information from our records.

3. HOW WE USE YOUR PERSONAL INFORMATION

Your Personal Information is used for the specific business and commercial purposes described below:

• Service Provision and Account Management: To create and maintain your Account, process membership fees and recurring subscription charges, manage class credits, facilitate class reservations and waitlist management, and provide you with the Services you have requested.
• Account Security and Fraud Prevention: To verify your identity using OTP verification methods; to detect, investigate, and prevent unauthorized access, fraudulent transactions, and potential security breaches.
• Safety and Operational Enforcement: To facilitate safe in-studio coaching, including the use of corrective touch cues when necessary; to enforce the Late Arrival Policy and other Studio Rules outlined in the Terms; and to maintain a safe environment for all clients and staff.
• Transactional and Administrative Communications: To send service-related announcements, such as booking confirmations, class reminders, membership renewal notices, billing updates, password reset emails, and changes to our Terms or Privacy Policy. These communications are essential for the operation of the Services and are generally non-optional.
• Marketing and Promotional Outreach: To send you information regarding new class formats, studio events, special promotions, or membership offers that we believe may be of interest to our community of women aged 20-45 in the Twin Cities metro area. You may withdraw your consent to receive marketing communications at any time by using the “Unsubscribe” link in the footer of emails or by adjusting your communication preferences in your Account settings.
• Analytics and Service Improvement: To analyze usage trends, monitor the performance of the Website and App, assess the effectiveness of our marketing efforts, and develop new features and services.
• Legal Compliance and Rights Protection: To comply with applicable laws, regulations, legal processes, or governmental requests; to enforce our Terms and Conditions; and to protect the rights, property, and safety of So Toned LLC, our clients, and the public.

4. DISCLOSURE AND SHARING OF INFORMATION

So Toned does not sell, rent, or lease your Personal Information to third parties for their own independent commercial marketing purposes. We may disclose your Personal Information to the following categories of recipients only as necessary to operate the Services:

• Service Providers and Vendors: We engage trusted third-party companies to perform functions on our behalf, including but not limited to: payment processing, SMS/Email OTP delivery infrastructure, cloud hosting, data analytics, customer relationship management (CRM) software, and email marketing platforms. These entities are contractually obligated to safeguard your data and are restricted from using your Personal Information for any purpose other than providing services to So Toned.
• Coaching and Studio Personnel: Limited information regarding your booking status and any disclosed health/safety concerns may be accessible to authorized studio staff and independent contractor coaches solely to ensure safe and effective class instruction.
• Business Transfers: In the event of a merger, acquisition, reorganization, sale of all or substantially all assets, or bankruptcy, the Personal Information held by So Toned may be transferred or assigned to the successor entity as part of the due diligence process or closing of the transaction, subject to the terms of this Privacy Policy.
• Legal and Regulatory Obligations: We may disclose information if required to do so by law, such as in response to a valid subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our legal rights, prevent physical harm or financial loss, or investigate suspected illegal activity.

5. SECURITY OF YOUR INFORMATION

We have implemented and maintain commercially reasonable administrative, technical, and physical security measures designed to protect the confidentiality, integrity, and availability of your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes the use of Secure Sockets Layer (SSL) encryption for data transmission and industry-standard security protocols for payment processing and OTP delivery.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your Personal Information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your Account login credentials and for restricting access to your device.

6. DATA RETENTION

We retain your Personal Information only for as long as is reasonably necessary to fulfill the purposes for which it was collected as described in this Policy, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process your data; and applicable legal requirements.

• Account Information: Retained for the duration of your active client relationship plus a period of [e.g., 3-7 years] thereafter for compliance with tax and financial record-keeping laws.
• OTP Verification Logs: Metadata (phone number, timestamp, status) is retained for a short duration (typically 30-90 days) for security auditing and abuse prevention.
• Class Attendance Records: Retained in accordance with liability statute of limitations and general business records retention schedules.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies (small text files placed on your device) and similar technologies such as pixels and web beacons to enhance user experience and collect aggregate statistical data about traffic to the Services.

• Essential Cookies: Required for core functionality such as site navigation, secure login, and booking access. The Services cannot function properly without these.
• Analytics Cookies: Used to collect information about how visitors interact with the Services (e.g., Google Analytics). This helps us improve site performance and user experience.

You have the ability to control the use of cookies at the individual browser level. If you reject cookies entirely, you may still use our Website, but your ability to use certain features or areas may be limited.

8. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites, plug-ins, or applications (e.g., social media platforms or payment gateways). Clicking on those links may allow third parties to collect or share data about you. We do not control and are not responsible for the privacy practices or content of these third-party sites. We encourage you to read the privacy policy of every website you visit.

9. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your state of residence and applicable U.S. state privacy laws (including, but not limited to, laws in California, Virginia, Colorado, Connecticut, and Utah), you may have specific rights regarding your Personal Information, which may include:

• Right to Know/Access: The right to confirm whether we are processing your Personal Information and to request a copy of specific pieces of Personal Information we have collected.
• Right to Correction: The right to request correction of inaccurate Personal Information maintained by us.
• Right to Deletion: The right to request deletion of Personal Information we have collected, subject to certain legal exceptions (e.g., to complete a transaction, detect security incidents, or comply with legal obligations).
• Right to Opt-Out of Sale or Targeted Advertising: We do not “sell” Personal Information as that term is traditionally defined, nor do we engage in “targeted advertising” involving the sharing of data for cross-context behavioral advertising in exchange for monetary value.

9.1 Exercising Your Rights. To submit a verifiable consumer request regarding your data, please contact us using the information provided in Section 11 of this Policy. We will respond to such requests within the timeframes required by applicable law. We may require you to verify your identity through an OTP challenge or other reasonable method before processing your request to protect your privacy and security.

9.2 Communication Preferences. You may manage your marketing email and SMS preferences directly within your Account settings or by clicking the “Unsubscribe” link located at the bottom of any promotional email. Please note that even if you opt out of marketing communications, we will continue to send you transactional messages essential to your membership and class bookings.

10. INTERNATIONAL DATA TRANSFERS

Our Services are operated and intended for use exclusively within the United States of America, specifically serving the Minneapolis-St. Paul metropolitan area. If you are accessing the Services from a location outside the United States, please be advised that your information will be transferred to, processed, and stored on servers located within the United States. The data protection laws of the United States may differ from the laws of your jurisdiction of residence. By using the Services, you consent to the transfer of your data to the United States.

11. CONTACT US

If you have any questions, concerns, or inquiries regarding this Privacy Policy or our data handling practices, or if you wish to exercise your privacy rights, please contact us at:

So Toned LLC
Attn: Privacy Officer
13756 83rd Way N
Maple Grove, MN 55369
Email: [Insert Privacy/Support Email Address]