Privacy Policy

Amity OS Platform

Last updated: 7 January 2025

This Privacy Policy explains how personal data is collected, used, and shared when you use the Amity OS platform.

It applies to:

  • the Amity OS platform (“the Platform”), and
  • your interactions with Tenant Instructors (such as Amity Pilates) who use the Platform to manage their services.

Please read this policy carefully.

1. Who is responsible for your data

1.1 Controllers

Depending on the context, there are two data controllers:

  • Amity OS – Responsible for operating the Platform, authentication, infrastructure, analytics, and platform-level features.
  • Tenant Instructor (e.g. Amity Pilates) – Responsible for delivering services to you and managing your relationship with them.

Each controller is responsible for complying with data protection law in relation to the personal data they control.

1.2 Contact

For general privacy questions about the Platform, contact:

Email: hello@amity.studio

For questions about how your data is used by a Tenant Instructor, contact them directly.

2. What personal data we collect

We collect data in layers, so that only what is necessary is collected by default.

2.1 Core identity and access data

  • Name
  • Phone number
  • Email address
  • Date of birth (where required by the Tenant Instructor)
  • Authentication logs and timestamps

This data is required to provide access to the Platform.

2.2 Booking and relationship data

  • Class bookings and cancellations
  • Attendance and no-show records
  • Credit balances and pack usage
  • Venue preferences and schedules
  • Messages sent through the Platform

2.3 Health and safety data

  • Par-Q responses
  • Health and safety declarations
  • Emergency contact details

2.4 Optional personalisation data

You may be invited to provide additional information, such as:

  • goals and preferences
  • lifestyle context (e.g. work patterns, availability)
  • activity interests

Providing this information is optional unless stated otherwise.

2.5 Payment data

Payments are processed by third-party payment providers.

We do not store full card details. We may store:

  • transaction references
  • payment status
  • amounts and timestamps

2.6 Technical data

  • IP address
  • device and browser type
  • cookies and similar technologies

3. How we use your data

3.1 Providing the Platform

  • account creation and authentication
  • booking and attendance management
  • messaging and reminders
  • customer support

3.2 Supporting Tenant Instructors

  • enabling class delivery and scheduling
  • managing cancellations, waitlists, and attendance
  • maintaining fair booking policies

3.3 Safety and compliance

  • assessing suitability for participation
  • maintaining health and safety records
  • meeting legal obligations

3.4 Personalisation (where enabled)

  • recommending relevant classes
  • improving scheduling and attendance
  • tailoring communications

3.5 Platform improvement

  • monitoring usage patterns
  • improving functionality and performance
  • developing new features

This is generally done using aggregated and anonymised data.

4. Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – to provide the Platform and fulfil bookings
  • Legitimate interests – to operate and improve the Platform, support Tenant Instructors, and ensure fair usage
  • Consent – for marketing communications and optional personalisation features
  • Legal obligation – where required by law

You can withdraw consent at any time where processing is based on consent.

5. Marketing and recommendations

You will only receive marketing communications if you have opted in.

Service messages (such as login codes, booking confirmations, and reminders) do not require marketing consent.

We do not sell identifiable personal data.

6. Data sharing

We may share data with:

  • Tenant Instructors you choose to book with
  • Service providers (e.g. payment processors, messaging providers, hosting services)
  • Regulators or authorities where legally required

All service providers are required to handle data securely and only for authorised purposes.

7. Data aggregation and analytics

Amity OS may use anonymised and aggregated data across tenants to:

  • understand trends and usage
  • improve the Platform
  • support business planning

This data does not identify you individually.

8. International transfers

Where data is processed outside the UK, appropriate safeguards are used, such as:

  • adequacy decisions
  • standard contractual clauses

9. Data retention

We retain data only for as long as necessary:

  • account and booking data while you are an active user
  • payment records for accounting and legal purposes
  • health and safety records as reasonably required

You may request deletion of your data, subject to legal and contractual obligations.

10. Your rights

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion
  • restrict or object to processing
  • withdraw consent
  • receive a copy of your data

Requests can be made by contacting us using the details above.

11. Security

We use appropriate technical and organisational measures to protect your data, including:

  • encryption
  • access controls
  • audit logging

No system is completely secure, but we take data protection seriously.

12. Cookies

We use cookies and similar technologies to:

  • maintain sessions
  • improve performance
  • analyse usage

Further details are provided in our Cookie Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time.

If changes are material, we will notify you and may require confirmation before continued use.

14. Contact

For questions about this Privacy Policy, contact:

Email: hello@amity.studio

See also: Terms of Service