Privacy Policy

ClassHero is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our fitness and wellness booking platform.

Last updated: 18 December 2025

1. Introduction

1.1 About This Policy

ClassHero ("ClassHero", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our fitness and wellness booking platform.

1.2 Who We Are

Data Controller: A Journey Ltd t/a ClassHero

Registered Office: Suite 7034, 321–323 High Road, Romford, Essex, United Kingdom, RM6 6AX

Company Number: 15963421

ICO Registration: ICO:00010615367

Contact: privacy@classhero.io

1.3 Our Platform

  • Fitness studios and wellness centers
  • Session-based activity providers (tennis, climbing, swimming, etc.)
  • Promotional partners offering fitness products and services

1.4 Your Rights

Under UK data protection laws, you have important rights regarding your personal data. These rights are detailed in Section 9 of this policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

  • Name (first and last name)
  • Email address
  • Phone number
  • Date of birth (for age requirement compliance - 18+ platform)
  • Password (encrypted)
  • Profile preferences and interests

Booking and Payment Information:

  • Booking history and preferences
  • Payment card details (processed securely by our payment provider)
  • Billing address
  • Delivery address (for product purchases)
  • Special requirements or accessibility needs

Communication and Feedback:

  • Messages sent through our platform
  • Reviews and ratings of studios, instructors, or products
  • Customer service interactions
  • Survey responses and feedback

Health and Safety Information (Optional):

  • Fitness level and experience
  • Medical conditions relevant to activity participation
  • Emergency contact information
  • Dietary requirements or allergies

2.2 Information We Collect Automatically

Device and Usage Information:

  • IP address and location data
  • Device type, browser type, and operating system
  • Platform usage patterns and navigation behavior
  • Session duration and frequency of use
  • Search queries and booking patterns

Cookies and Tracking Technologies:

  • Essential cookies for platform functionality
  • Analytics cookies to improve user experience
  • Preference cookies to remember your settings
  • Marketing cookies (with your consent)

2.3 Information from Third Parties

  • Social Media Login: Profile information from Google, Facebook, or Apple if you choose social login
  • Payment Providers: Transaction confirmations and payment status, fraud prevention data
  • Partner Information: Class and session availability, instructor information, product information from promotional partners

3. How We Use Your Information

3.1 Primary Purposes

Account Management:

  • Creating and managing your ClassHero account
  • Authenticating your identity and securing your account
  • Providing customer support and resolving issues
  • Sending important account notifications

Booking Services:

  • Processing class, session, and product bookings
  • Coordinating with studios and activity providers
  • Managing waitlists and booking confirmations
  • Processing payments and refunds

Platform Improvement:

  • Analysing usage patterns to improve our services
  • Developing new features and functionality
  • Conducting research to enhance user experience
  • Ensuring platform security and preventing fraud

3.2 Personalisation and Recommendations

Tailored Experience:

  • Recommending classes and activities based on your preferences
  • Showing relevant studios and sessions in your area
  • Customizing your platform dashboard and notifications
  • Providing personalised pricing and offers

AI-Powered Insights:

  • Analyzing booking patterns for better recommendations
  • Predicting optimal class times and availability
  • Suggesting new activities you might enjoy
  • Optimizing search results for your preferences

3.3 Marketing and Communications

Platform Communications (with your consent):

  • Promotional offers and special deals
  • New studio and partner announcements
  • Seasonal campaigns and challenges
  • Newsletter with fitness tips and platform updates

Transactional Communications (always permitted):

  • Booking confirmations and reminders
  • Class or session changes and cancellations
  • Payment receipts and refund notifications
  • Important account and security updates

3.4 Legal and Compliance

  • Complying with legal obligations and regulatory requirements
  • Preventing fraud, abuse, and prohibited activities
  • Protecting the safety and security of users and partners
  • Enforcing our Terms of Service and platform policies

4. Sharing Your Information

4.1 Information Shared with Partners

Studio and Activity Providers:

  • Your first name and booking reference for class management
  • Booking type (paid member, trial user, etc.)
  • Visit frequency and loyalty status
  • Special requirements or accessibility needs

Note: We do not share your contact details with fitness partners

Promotional Partners (Product Deliveries Only):

  • Full name and delivery address for physical product shipping
  • Contact phone number for delivery coordination
  • Purchase details and delivery preferences

Note: Strictly limited to order fulfillment purposes only

4.2 Third-Party Service Providers

  • Payment Processing: Payment card information (processed securely by Stripe), transaction amounts, billing address
  • Technology Partners: Analytics providers, email service providers, cloud hosting providers, customer support platforms
  • Legal and Compliance: Law enforcement agencies when required by law, regulatory authorities, legal advisors, fraud prevention services

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 Information We Never Share

  • We never sell your personal data to third parties
  • We never share your contact details for marketing purposes
  • We never provide customer lists to partners
  • We maintain strict controls on data access and usage

5. International Data Transfers

5.1 Data Location

Your personal data is primarily stored and processed in the United Kingdom. Some third-party services may process data outside the UK/EEA.

5.2 Transfer Safeguards

  • Standard Contractual Clauses approved by UK authorities
  • Adequacy decisions recognizing equivalent protection
  • Binding corporate rules for multinational service providers
  • Additional security measures where required

5.3 Your Rights

You have the right to obtain information about international transfers and the safeguards in place. Contact us at privacy@classhero.io for more information.

6. Data Retention

6.1 Retention Periods

Account Data:

  • Active accounts: Retained while your account remains active
  • Inactive accounts: Deleted after 3 years of inactivity
  • Account deletion: Immediate deletion upon request

Booking and Transaction Data:

  • Booking history: Retained for 7 years for legal and tax purposes
  • Payment data: Retained according to financial regulations
  • Cancelled bookings: Deleted after 1 year unless disputes pending

Communication Data:

  • Platform messages: Retained for 2 years
  • Customer service interactions: Retained for 5 years
  • Marketing communications: Retained until consent withdrawn

Analytics and Usage Data:

  • Aggregated analytics: May be retained indefinitely (anonymized)
  • Individual usage patterns: Deleted after 2 years
  • Device and session data: Deleted after 1 year

6.2 Legal Retention

  • Legal obligations (tax, financial regulations)
  • Legitimate interests (fraud prevention, dispute resolution)
  • Ongoing legal proceedings or investigations

6.3 Secure Deletion

When data is deleted, we use secure deletion methods to ensure it cannot be recovered.

7. Data Security

7.1 Technical Measures

Encryption:

  • Data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256 encryption
  • Database encryption for sensitive information
  • Secure key management practices

Access Controls:

  • Multi-factor authentication for staff access
  • Role-based access control limiting data access
  • Regular access reviews and permission updates
  • Secure development and deployment practices

Infrastructure Security:

  • Cloud hosting with enterprise-grade security
  • Regular security audits and penetration testing
  • 24/7 monitoring and incident response
  • Automated backup and disaster recovery

7.2 Organisational Measures

Staff Training:

  • Regular data protection training for all staff
  • Clear policies on data handling and processing
  • Incident response procedures and protocols
  • Background checks for personnel with data access

7.3 Incident Response

Data Breach Protocol

If a data breach occurs, we will:

  • • Assess the risk and impact within 24 hours
  • • Notify the ICO within 72 hours if high risk
  • • Inform affected individuals without undue delay
  • • Take immediate steps to contain and remedy the breach

8. Cookies & Tracking

8.1 Types of Cookies We Use

Essential Cookies (Always Active):

  • Account authentication and security
  • Platform functionality and navigation
  • Shopping cart and booking management
  • Security and fraud prevention

Analytics Cookies (With Consent):

  • Google Analytics for platform usage insights
  • Performance monitoring and optimization
  • Error tracking and system improvements
  • User journey analysis and funnel optimization

Marketing Cookies (With Consent):

  • Personalized content and recommendations
  • Social media integration and sharing
  • Advertising campaign measurement
  • Cross-device tracking for consistent experience

Preference Cookies (With Consent):

  • Language and region settings
  • Display preferences and accessibility options
  • Notification preferences and settings
  • Personalized dashboard configuration

8.2 Managing Cookies

  • Our cookie consent banner (first visit)
  • Cookie settings in your account preferences
  • Browser settings and privacy controls
  • Opt-out links provided by third-party services

For more details, see our Cookie Policy.

9. Your Rights

Your Data Protection Rights

Under UK data protection law, you have important rights regarding your personal data. All requests should be sent to privacy@classhero.io with proof of identity.

9.1 Access Rights

  • Request a copy of all personal data we hold about you
  • Information about how your data is processed
  • Details of data sharing and retention periods

9.2 Correction and Updates

  • Correct inaccurate or incomplete personal data
  • Update your account information and preferences
  • Amend booking history where errors exist

9.3 Deletion Rights (Right to be Forgotten)

  • Request deletion of your personal data
  • Account closure and data removal
  • Removal of reviews and comments (where legally permissible)

Limitations: Legal retention requirements may apply

9.4 Processing Restrictions

  • Limit how we use your data while disputes are resolved
  • Suspend data processing for specific purposes
  • Object to processing based on legitimate interests

9.5 Data Portability

  • Receive your data in a machine-readable format
  • Transfer your data to another service provider
  • Export booking history and account information

9.6 Objection Rights

  • Object to processing for marketing purposes (always honored)
  • Object to processing based on legitimate interests
  • Object to automated decision-making and profiling

9.7 Consent Withdrawal

  • Withdraw consent for marketing communications
  • Opt out of optional data processing
  • Change cookie preferences

9.8 Response Times

  • 1 month for standard requests
  • Extension possible for complex requests (with explanation)
  • Free of charge for reasonable requests
  • Identity verification required for security

10. Children's Privacy

Age Requirement

ClassHero is intended for users aged 18 and over

10.1 Age Requirements

  • ClassHero is intended for users aged 18 and over
  • Users confirm their age during registration (no verification process required)
  • We do not knowingly collect data from children under 18
  • If we discover a user is under 18, we will suspend the account pending verification

10.2 Parental Rights

  • We will delete information collected from a child immediately
  • Parents may request access to their child's data
  • Parents may request deletion of their child's account
  • We will not use child data for marketing purposes

11. Automated Decision-Making

11.1 AI and Machine Learning

Personalization:

  • Recommendations based on preferences
  • Customised search results and platform content
  • Optimised booking suggestions and timing

Impact: Enhanced user experience and relevant recommendations

Dynamic Pricing:

  • Adjusting class prices based on demand, weather, and other factors
  • Loyalty levy application after multiple bookings at same studio
  • Special offer eligibility and discount calculations

Impact: Pricing variations that may affect cost of activities

Fraud Prevention:

  • Analysing booking patterns for suspicious activity
  • Risk assessment for payment processing
  • Account security monitoring and alerts

Impact: May affect account access or payment processing

11.2 Your Rights Regarding Automated Decisions

  • Right to Human Review: Request manual review of automated decisions
  • Right to Explanation: Understand how automated decisions are made
  • Right to Challenge: Contest decisions you believe are incorrect

Contact: privacy@classhero.io for automated decision queries

12. Marketing & Communications

12.1 Marketing Preferences

Email Marketing (Opt-in Required):

  • Promotional offers and special deals
  • New studio and partner announcements
  • Seasonal campaigns and fitness challenges
  • Monthly newsletter with tips and platform updates

Push Notifications (Consent Required):

  • Booking reminders and confirmations
  • Last-minute deal alerts
  • Class availability notifications
  • Platform feature updates and announcements

SMS Marketing (Separate Consent):

  • Urgent booking changes and cancellations
  • Time-sensitive promotional offers
  • Account security alerts

Note: Standard message rates apply

12.2 Transactional Communications

These emails are necessary and cannot be unsubscribed from:

  • Booking confirmations and receipts
  • Class changes and cancellation notices
  • Payment confirmations and refund notifications
  • Account security alerts and password resets
  • Legal notices and policy updates

12.3 Managing Communications

  • Account settings and notification preferences
  • Unsubscribe links in all marketing emails
  • Opt-out replies to SMS messages
  • Push notification settings on your device
  • Contact preferences in your profile

13. Business Analytics & Insights

13.1 Platform Analytics

  • Understand popular class types and booking patterns
  • Identify peak usage times and seasonal trends
  • Improve platform functionality and user experience
  • Develop new features and service offerings

13.2 Partner Analytics

  • Demand patterns in their local area
  • Popular class times and booking trends
  • Customer preferences and behavior patterns
  • Market opportunities and competitive analysis

13.3 Customer Insights

  • Personalized class recommendations
  • Optimized booking suggestions
  • Tailored promotional offers
  • Improved search results and platform navigation

13.4 Data Protection

  • Data anonymization and pseudonymization where possible
  • Aggregation to prevent individual identification
  • Access controls limiting who can view insights
  • Regular review of analytics purposes and necessity

14. Social Features & Community

14.1 Social Features

  • Friend connections and activity sharing
  • Achievement badges and fitness milestones
  • Community challenges and leaderboards
  • Review and rating systems for studios and activities

14.2 Privacy Controls

  • Visibility of your activity and achievements
  • Friend requests and connection settings
  • Public profile information and privacy
  • Participation in community features and challenges

14.3 Public Content

Public Visibility

The following information may be visible to other users:

  • • Reviews and ratings of studios and instructors
  • • Comments on classes and activities
  • • Achievement badges and fitness milestones
  • • Profile information you choose to share

15. Changes to this Policy

15.1 Policy Updates

We may update this Privacy Policy from time to time to:

  • Reflect changes in data protection laws
  • Accommodate new platform features or services
  • Improve clarity and transparency
  • Address feedback from users and regulators

15.2 Notification of Changes

Material Changes:

  • Email notification to all active users
  • Prominent notice on platform dashboard
  • Summary of key changes provided
  • Effective Date: 30 days after notification

Minor Changes:

  • Updated policy posted on platform
  • "Last Updated" date modified
  • Effective Date: Immediately upon posting

16. Contact Information

16.1 Privacy Team

Email: privacy@classhero.io

Response Time: Within 5 business days

Available: Monday–Friday, 9 AM – 5 PM GMT

16.2 Data Protection Officer

Email: dpo@classhero.io

Role: Independent oversight of data protection compliance

Available: For complex data protection queries and complaints

16.3 General Contact

Company: A Journey Ltd

Address: Suite 7034, 321-323 High Road, Romford, Essex, United Kingdom, RM6 6AX

Email: hello@classhero.io

16.4 Regulatory Authority

Information Commissioner's Office (ICO)

Website: ico.org.uk • Phone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. Glossary

17.1 Key Terms

Personal Data: Any information relating to an identified or identifiable individual.

Data Controller: The entity that determines the purposes and means of processing personal data (ClassHero).

Data Processor: An entity that processes personal data on behalf of the data controller (our service providers).

Data Subject: The individual whose personal data is being processed (you).

Processing: Any operation performed on personal data, including collection, storage, use, and deletion.

Consent: Freely given, specific, informed agreement to the processing of personal data.

Legitimate Interest: A lawful basis for processing that balances our business interests with your rights and freedoms.

17.2 Partner Types

  • Studio Partners: Fitness studios and wellness centers offering group classes.
  • Session-Based Activity Providers: Providers of individual or small group sessions (tennis, climbing, etc.).
  • Promotional Partners: Businesses offering fitness products, services, or experiences.

Legal Compliance

This Privacy Policy is designed to be compliant with UK GDPR and Data Protection Act 2018. For questions about compliance, contact our Data Protection Officer at dpo@classhero.io.

© 2025 A Journey Ltd (t/a ClassHero). All rights reserved.
Company Registration No: 15963421 • VAT Registration No: GB480988047
ICO Registration: ICO:00010615367 • Last updated: 18 December 2025

Terms & ConditionsPrivacy PolicyCookie PolicyHelp CentreContact Support

© 2024-2025 A Journey Ltd (t/a ClassHero). All rights reserved. Company No. 15963421. VAT No. GB480988047.