JunoCal Privacy Policy

1. How JunoCal works with Studio data

JunoCal is software used by Studios to manage their own businesses and client relationships.

A Studio’s Clients belong to the Studio, not JunoCal. JunoCal does not sell Studio client data. JunoCal does not use Studio client data to build a consumer marketplace. JunoCal does not use Studio client data to market competing studios to Clients. JunoCal does not use Studio client data to train third-party AI models unless the Studio expressly agrees in writing.

2. Our role under privacy law

JunoCal may act in different roles depending on the data and context.

For Studio account data, website visitor data, billing data, support data, security data, analytics data, marketing data, and business operations data, JunoCal generally acts as the controller.

For personal data that a Studio collects, uploads, creates, receives, or manages through JunoCal about its Clients, staff, instructors, contractors, and attendees, the Studio generally acts as the controller, and JunoCal acts as the processor.

This means the Studio decides why and how most Studio-client data is collected and used. JunoCal processes that data on the Studio’s behalf so the Studio can use the service.

If you are a Client of a Studio and have questions about your booking, refund, cancellation, class, membership, waiver, intake form, or data rights, you should contact the Studio directly. Where appropriate, JunoCal may forward your request to the relevant Studio.

3. Personal data we collect

The personal data we collect depends on how you use JunoCal.

Studio account data

We may collect name, email address, phone number, Studio name, business address, billing details, role, permissions, staff profile details, login and authentication information, subscription plan, account status, usage information, support requests, demo information, onboarding information, migration information, and sales communications.

Studio business data

Studios may use JunoCal to create, upload, or manage class schedules, appointment schedules, courses, workshops, memberships, class packs, room layouts, spot maps, staff profiles, instructor bios, photos, Studio policies, waiver templates, intake forms, email templates, SMS templates, Studio images, logos, themes, branding, reviews, testimonials, reports, and exports.

Client and booking data processed for Studios

Studios may use JunoCal to collect or manage Client names, email addresses, phone numbers, booking history, attendance history, waitlist status, memberships, class packs, appointments, courses, purchases, payment-related metadata, intake form answers, waiver acknowledgements, signatures, emergency contacts, staff notes, communication preferences, reviews, feedback, lead forms, enquiries, profile photos, and other Client information.

Studios may also choose to collect health-related, pregnancy-related, injury-related, accessibility, disability, medication, emergency, or other sensitive information through intake forms, waivers, notes, or client records.

JunoCal does not decide what Client data a Studio chooses to collect through its forms, notes, waivers, booking flows, or workflows. The Studio is responsible for ensuring that its collection and use of that data is lawful and appropriate.

Payment-related data

JunoCal may process payment-related metadata, such as transaction IDs, payment status, invoice status, refund status, currency, amount, service purchased, payment-provider customer IDs, and failed-payment events.

Payment card details and bank account details are processed by Stripe or another payment provider, not by JunoCal. JunoCal does not store full card numbers.

Technical, usage, and device data

We may collect IP address, device type, browser type, operating system, referring URL, pages viewed, clicks and interactions, session data, error logs, performance data, approximate location derived from IP address, cookie and similar technology identifiers, security logs, and audit logs.

Marketing and communications data

We may collect newsletter signups, demo requests, campaign attribution, responses to surveys or feedback requests, email preferences, and communications with us by email, form, call, or other channel.

4. How we use personal data

We use personal data to:

1. Provide, operate, maintain, and secure JunoCal.
2. Create and manage accounts.
3. Process subscriptions and billing.
4. Provide support, onboarding, migration assistance, and troubleshooting.
5. Power bookings, schedules, forms, waivers, memberships, class packs, reminders, waitlists, dashboards, reports, exports, and integrations.
6. Send service communications, account notices, security alerts, billing reminders, and operational messages.
7. Improve product performance, reliability, usability, and security.
8. Detect, prevent, investigate, and respond to fraud, spam, abuse, security incidents, unlawful activity, and policy violations.
9. Comply with legal, tax, accounting, regulatory, payment-provider, and dispute obligations.
10. Send marketing communications where permitted by law.
11. Measure marketing performance and website usage.
12. Develop and improve JunoCal features.
13. Enforce our Terms and protect JunoCal, Studios, Clients, and others.

5. Lawful bases for processing

Where UK GDPR, EU GDPR, or similar privacy laws apply, we rely on one or more lawful bases depending on the context:

1. Contract: to provide JunoCal, manage accounts, process billing, and deliver requested services.
2. Legitimate interests: to secure, improve, analyse, support, market, and protect JunoCal, provided those interests are not overridden by individual rights.
3. Consent: for certain marketing, cookies, optional features, or processing where consent is required.
4. Legal obligation: to comply with tax, accounting, legal, regulatory, security, or law-enforcement obligations.
5. Vital interests or public interest: where necessary in exceptional circumstances, such as protecting someone’s life or responding to serious harm.

Where JunoCal processes Studio-client data on behalf of a Studio, the Studio is responsible for identifying the lawful basis for collecting and using that data.

6. Sensitive and health-related data

Studios may use JunoCal to collect or store sensitive information, including health information, injury information, pregnancy or postnatal information, disability or accessibility information, medication information, emergency contact details, or other information entered into intake forms, waivers, notes, or client records.

The Studio is responsible for deciding whether to collect sensitive information and for ensuring that:

1. Collection is necessary, proportionate, and lawful.
2. The Studio has a lawful basis and, where required, a separate condition for processing special category or sensitive data.
3. The Studio obtains explicit consent where required.
4. Clients receive clear privacy information before data is collected.
5. Access is limited to people who need the information.
6. The information is accurate, relevant, up to date, and not excessive.
7. The information is deleted or anonymised when no longer needed.
8. The Studio complies with all professional, health, safeguarding, insurance, and data-protection obligations that apply.

JunoCal processes this information as a processor on the Studio’s instructions, except where we must process limited information for security, legal, compliance, or dispute purposes.

7. How we share personal data

We may share personal data with:

1. Studios: Client data is made available to the Studio the Client interacts with.
2. Authorised Studio users: Staff, instructors, contractors, administrators, and other users authorised by the Studio.
3. Service providers and subprocessors: Companies that help us host, store, process, analyse, secure, communicate, support, and operate JunoCal.
4. Payment providers: Stripe and other payment providers where needed for payment-related functionality.
5. Communication providers: Email, SMS, and notification providers.
6. Integration partners: Where a Studio chooses to connect an integration.
7. Professional advisers: Lawyers, accountants, auditors, insurers, and consultants.
8. Authorities, regulators, courts, or law enforcement: Where required or permitted by law.
9. Business transfer parties: In connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction.
10. Others with consent or direction: Where you or the relevant Studio instructs or authorises sharing.

We do not sell Studio client data. We do not share Studio client data with a consumer marketplace. We do not use Studio client data to advertise competing studios to Clients.

8. Service providers and subprocessors

JunoCal uses trusted service providers and subprocessors to operate the service. These may include providers for hosting, databases, file storage, authentication, payments, email delivery, SMS delivery, background jobs, error monitoring, product analytics, security, support, and infrastructure.

These providers may process personal data in the United Kingdom, the European Economic Area, the United States, and other countries where they or their subprocessors operate.

Where personal data is transferred internationally, we use appropriate safeguards where required by law, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum, contractual protections, or other lawful transfer mechanisms.

JunoCal may update its providers from time to time as the product changes. Where required by law or contract, we will provide notice before appointing new subprocessors and allow customers to object on reasonable data-protection grounds.

9. Data location

JunoCal does not promise that all personal data is stored in one region. Some systems may store or process data in the United Kingdom or European Economic Area, while other systems may store or process data in the United States or other countries.

We take steps designed to protect personal data wherever it is processed and use transfer safeguards where required by applicable data-protection law.

10. Data retention

We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Retention periods depend on the type of data, account status, legal requirements, dispute needs, backup cycles, security requirements, and Studio configuration.

As a general guide:

1. Account and billing records may be retained for legal, tax, accounting, and audit purposes.
2. Support records may be retained to resolve issues, maintain service quality, and protect legal rights.
3. Security logs may be retained to detect and investigate abuse or incidents.
4. Studio-client data may be retained while the Studio account is active and for a reasonable period after termination to allow export, backup expiry, legal compliance, dispute resolution, or deletion.
5. Backups may retain data for a limited period after deletion from live systems.

Studios are responsible for configuring, exporting, deleting, or requesting deletion of Client data where required.

11. Data rights

Depending on location and applicable law, individuals may have rights to access, correct, delete, restrict, object to processing, withdraw consent, receive a copy of personal data, port data to another provider, opt out of certain uses, and complain to a data-protection authority.

If you are a Studio Client, JunoCal may need to refer your request to the Studio because the Studio controls your Client data. We will support Studios in responding to rights requests as required by applicable law.

To make a privacy request, contact hello@junocal.com.

12. Marketing choices

You can unsubscribe from JunoCal marketing emails using the unsubscribe link in the email or by contacting us at hello@junocal.com.

Studios are responsible for their own marketing messages sent to Clients through JunoCal or connected tools. If you receive a Studio marketing message, contact the Studio or use the unsubscribe link where provided.

Even if you opt out of marketing, we may still send transactional, legal, security, billing, or service messages.

13. Cookies and similar technologies

We may use cookies, pixels, local storage, and similar technologies to keep users signed in, remember preferences, secure the service, understand website and product usage, improve performance, measure marketing effectiveness, and detect abuse or fraud.

Where required, we will request consent for non-essential cookies. You can control cookies through browser settings and any cookie banner or preference tool we provide.

Blocking cookies may affect JunoCal functionality.

14. Security

We use reasonable technical and organisational measures designed to protect personal data, including access controls, encryption where appropriate, least-privilege access, monitoring, backups, and provider security controls.

No service can guarantee absolute security. Studios are responsible for securing their own accounts, devices, staff access, permissions, passwords, integrations, Stripe accounts, and exported data.

If you believe there has been unauthorised access to a JunoCal account or personal data, contact us promptly at hello@junocal.com.

15. Children and minors

JunoCal is not directed to children. Studios may use JunoCal to manage bookings or records involving minors only where lawful and appropriate for their services.

The Studio is responsible for obtaining any required parent or guardian consent, providing appropriate notices, handling safeguarding obligations, and complying with laws that apply to children’s data.

16. Automated decision-making

JunoCal does not use Studio client data to make solely automated decisions that produce legal or similarly significant effects on individuals.

Studios are responsible for any decisions they make using JunoCal data, such as membership eligibility, attendance restrictions, cancellation enforcement, health screening outcomes, or client communications.

17. AI and model training

JunoCal will not use Studio client data to train third-party AI models unless the Studio expressly agrees in writing.

If JunoCal uses AI or automation to support product features, support, analytics, or internal operations, we will do so subject to applicable law, confidentiality obligations, and this Privacy Policy.

18. Complaints

You may contact us at hello@junocal.com with privacy questions or complaints.

If you are in the United Kingdom, you may have the right to complain to the Information Commissioner’s Office. If you are in the European Economic Area, you may have the right to complain to your local supervisory authority.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “Last updated” date.

If changes are material, we will take reasonable steps to notify affected users, such as by email, in-product notice, or website notice.

1. Roles

For Studio-client data and other personal data processed by JunoCal on behalf of a Studio, the Studio is generally the controller or business, and JunoCal is generally the processor or service provider.

The Studio determines the purposes and means of processing. JunoCal processes the data on the Studio’s documented instructions, including these Terms, the Studio’s account settings, Studio user actions, support requests, and integration configurations.

2. Subject matter and duration

The subject matter of processing is the provision of JunoCal’s studio management software and related services.

The duration of processing is the period during which the Studio uses JunoCal, plus any period required for deletion, export, backup expiry, legal compliance, dispute resolution, security, fraud prevention, or audit purposes.

3. Nature and purpose of processing

JunoCal processes Studio data to provide, secure, maintain, support, improve, and operate the service, including account setup, scheduling, bookings, appointments, courses, memberships, class packs, intake forms, waivers, client profiles, staff access, permissions, payment-related workflows, communications, waitlists, reporting, exports, integrations, security, debugging, fraud prevention, support, and troubleshooting.

4. Categories of data subjects

Personal data may relate to Studio clients, students, members, attendees, prospects, leads, staff, instructors, contractors, substitutes, administrators, owners, emergency contacts, parents or guardians, and other individuals whose data is submitted to JunoCal by or on behalf of a Studio.

5. Categories of personal data

Personal data may include names, email addresses, phone numbers, addresses, booking records, attendance records, memberships, class packs, course enrolments, payment metadata, communication preferences, reviews, feedback, intake form answers, waiver acknowledgements, signatures, emergency contacts, staff notes, profile photos, IP addresses, device data, technical logs, and audit logs.

6. Sensitive data

Personal data may include sensitive or special category data if the Studio chooses to collect it, including health information, injury information, pregnancy or postnatal information, disability or accessibility information, medication information, physical limitation information, emergency information, or other sensitive information entered into forms, waivers, notes, or client records.

The Studio is responsible for ensuring that its collection and use of sensitive data complies with applicable law.

7. Studio obligations

The Studio must comply with applicable privacy and data-protection laws, provide clear privacy notices to individuals, establish a lawful basis for processing personal data, establish any required condition for processing sensitive data, obtain consent where required, keep data accurate and not excessive, configure access controls appropriately, use JunoCal only for lawful purposes, respond to data rights requests where required, and ensure that instructions to JunoCal are lawful.

8. JunoCal obligations

JunoCal will:

1. Process Studio data only on documented instructions from the Studio, unless required by law.
2. Ensure personnel authorised to process Studio data are bound by confidentiality obligations.
3. Use reasonable technical and organisational measures designed to protect Studio data.
4. Assist the Studio, taking into account the nature of processing and information available to JunoCal, with data rights requests, security obligations, breach notifications, data protection impact assessments, and regulator consultations where required by law.
5. Notify the Studio without undue delay after becoming aware of a personal data breach affecting Studio data.
6. Make available information reasonably necessary to demonstrate compliance with this Data Processing Addendum, subject to confidentiality, security, legal, and operational limitations.
7. Delete or return Studio data after termination where required, subject to legal retention, backup, security, fraud-prevention, dispute, and operational needs.

9. Subprocessors

The Studio authorises JunoCal to use subprocessors to provide the service.

JunoCal will impose data-protection obligations on subprocessors that are appropriate to the nature of the services provided.

JunoCal may add or replace subprocessors from time to time. Where required by law or contract, JunoCal will provide notice and allow reasonable objections based on material data-protection concerns.

10. Security measures

JunoCal’s security measures may include access controls, role-based permissions, encryption in transit, encryption at rest where supported by infrastructure providers, authentication controls, least-privilege internal access, logging, monitoring, backups, vulnerability management, incident response procedures, vendor review, staff confidentiality obligations, and secure development practices.

Security measures may evolve over time, and no system is completely secure.

11. Data rights requests

If JunoCal receives a request from an individual relating to Studio-controlled data, JunoCal may refer the request to the Studio unless required by law to respond directly.

The Studio is responsible for responding to data rights requests. JunoCal will provide reasonable assistance where required by law and technically feasible.

12. Personal data breaches

JunoCal will notify the Studio without undue delay after becoming aware of a personal data breach affecting Studio data.

The notification will include information reasonably available to JunoCal, which may include the nature of the breach, affected data, likely consequences, measures taken, and contact information.

The Studio is responsible for determining whether notification to individuals, regulators, insurers, or others is required, unless JunoCal is legally required to notify directly.

JunoCal’s notification of a breach is not an admission of fault or liability.

13. International transfers

Where Studio data is transferred outside the United Kingdom, European Economic Area, or another protected region in a way that requires a transfer mechanism, JunoCal will use appropriate safeguards such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum, contractual protections, or other lawful transfer mechanisms.

The Studio authorises JunoCal and its subprocessors to make such transfers as necessary to provide the service.

14. Deletion and return

When a Studio account ends, JunoCal will delete or return Studio data in accordance with the Terms, product functionality, backup cycles, legal obligations, and this Data Processing Addendum.

JunoCal may retain Studio data where required or permitted for legal, tax, accounting, audit, security, fraud-prevention, dispute, backup, or compliance purposes, provided the retained data remains protected and is not actively processed for unrelated purposes.

15. Order of precedence

If there is a conflict between this Data Processing Addendum and the Terms of Service, this Data Processing Addendum controls only for the processing of Studio data to the extent required by applicable data-protection law. The Terms of Service control in all other respects.