how the trust holds up

Security at Junocal

How we handle payments, authentication, your studio's data, and the things that go wrong. Every paragraph below is true today.

Payments — your Stripe, not ours

Junocal uses Stripe Connect Standard. You connect your own Stripe account at signup, or create one if you don't have one. From that point on, the studio is the Stripe customer of record. Charges flow directly from the client's card to your Stripe balance. Junocal never holds, routes, or has access to your funds.

Consequence: if a client disputes a charge, the dispute is between Stripe and you, not Junocal. If you cancel Junocal, your Stripe account, history, dispute record, and payout schedule stay with you and Stripe.

Card numbers and bank details never touch Junocal's servers. Card collection runs through Stripe's PCI-compliant elements end-to-end. We store the Stripe transaction reference, not the card.

Authentication — passwordless by default

Operators and clients sign in with their email address and a single-use magic link. There are no passwords to forget, store, or rotate. The link expires shortly after being sent. Because the studio has no client passwords to manage, reset, or store, this limits an entire class of credential-stuffing attacks.

Internal staff access for support and incident response is gated by a short, named allowlist plus a second authentication factor. Every internal action against a studio's data is logged with the staff identifier and timestamp.

Privacy — GDPR and CCPA, end to end

Junocal is GDPR-compliant for EU-resident clients and CCPA-compliant for California-resident clients. The legal bases for processing are documented in the privacy policy. Client data is used only for the studio's operational purposes (scheduling, payments, communications, intake) and is never used to train AI models, sold to third parties, or shared outside the integrations the studio has explicitly enabled.

Client data subject requests — right of access, right of deletion, right of portability — are honoured within 30 days. Operators can fulfil these directly from the dashboard. EU operators' studio data is stored in EU-region infrastructure; US operators' data is stored in US-region infrastructure.

Hosting and uptime

Junocal runs on category-leading infrastructure providers, each with their own redundancy and incident-response practice. Database failover, read-replica failover, and edge-region routing are managed automatically. The /status page publishes real-time component health.

If you need formal uptime commitments for procurement, contact hello@junocal.com and we'll put the right SLA terms in writing.

Incident response and disclosure

If we experience a security incident affecting customer data, we'll notify affected studios within 72 hours of confirming the incident. The notice covers what happened, what data was affected, what we've done to contain it, and what we recommend the studio do. This applies regardless of whether disclosure is required by regulation in your jurisdiction.

Junocal is not HIPAA-eligible. For studios handling protected health information (uncommon in pilates and yoga, more common in physiotherapy-adjacent practices), confirm fit with us before going live.

Security disclosures are welcome at hello@junocal.com. We respond to all credible reports within 48 hours and don't pursue legal action against good-faith researchers.

need more detail

Questions about a specific scenario

For security questionnaires, compliance documentation, penetration-test coordination, or incident response questions, email hello@junocal.com. We respond to all credible inquiries within 48 hours.

For general account or product questions, email hello@junocal.com as well.