Privacy Policy
Salt, Stillness & Strength (featuring Harbor Strength) (“we”, “our”, “us”) provides strength, recovery, and coaching services, including in-person classes and online coaching resources. This Privacy Policy explains what personal information we collect, why, how we use it, how we protect it, and your rights.
What we collect (short, honest list): We only collect what we need to run the business and keep you safe and served: Contact & identity: name, email, phone number, postal address. | Payment & billing: card info (via our payment processor), billing address, transaction history. | Health & coaching info (sensitive): fitness history, injuries, medical clearance, nutrition notes, session notes — provided voluntarily for coaching purposes. | Communications: emails, texts, messages, appointment scheduling metadata. | Device & usage: IP address, browser, cookies, pages visited, referral URLs, analytics. | Photos/videos: only if you provide them for marketing or progress tracking (we’ll ask permission). | Support records: messages, intake forms, consent forms, waivers.
How we collect it: Directly from you (intake forms, sign-ups, email, phone). | Automatically (website cookies, analytics). | From third parties you approve (payment processors, scheduling platforms).
Why we use your data (simple, no fluff): We use data to: Deliver coaching, classes, and programs | Process payments and manage subscriptions | Keep sessions safe (health info for injury risk) | Communicate scheduling, updates, and emergencies. | Improve our services and site (analytics). | Send marketing only if you opt in — we won’t spam you. | Comply with legal obligations or protect safety.
Lawful bases (for EU/UK users / GDPR): Contractual necessity: to provide services you requested. | Consent: for marketing, photos, or other optional processing. | Legal obligation: where required by law. | Legitimate interests: to improve services and prevent fraud (we’ll balance interests vs your rights).
Sharing & disclosures — who we work with. We DO NOT sell your personal information. We may share with: Service providers (payment processors, scheduling, email, analytics) who are contractually required to protect it. | Legal authorities when required by law or to protect safety. | Buyers only if we sell the business — and we’ll notify you. | Medical or emergency contacts only if necessary and as permitted by you or law.
Sensitive health/coaching data — extra care. Health and coaching notes are sensitive. We: Store these securely and minimize access. | Only share with third parties when necessary (e.g., emergency, legal). | Require your explicit consent for marketing using health info or publishing photos.
Cookies & tracking — quick banner text: Types: essential (required), functional (scheduling), analytics (Google Analytics), marketing (only if you opt in).
Security — what we do: Encryption in transit (HTTPS). | Data access limited to authorized staff only. | Regular backups and software updates. | Vendor contracts requiring reasonable security. | Incident response plan — we investigate and notify affected users promptly (see Breach section). Note: No system is 100% impenetrable. We work hard but be honest — we’ll tell you if things go sideways.
Data retention — how long we keep stuff. Contact/payment records: 7 years (or as required for taxes/legal). | Coaching/health notes: retained while you’re active + 7 years after last session (adjustable on request). | Marketing preferences & consents: until you opt out. | Analytics/aggregated data: anonymized indefinitely for product improvement.
Your rights (how to exercise them). Depending on where you live, you can: Access your personal data. | Correct inaccurate data. | Delete data (subject to legal/contractual retention rules). | Restrict or object to processing (e.g., marketing). | Request data portability. | Opt out of sale of personal information (California residents). To exercise rights: email nclumpkin@hotmail.com We’ll acknowledge within 5 business days and respond per local law timelines. We may ask for ID to verify.
Minors: We do not knowingly collect data from children under 16 (or 13 where applicable) without parental consent. If we learn we’ve collected a minor’s info without consent, we’ll delete it.
Third-party links & platforms. We may link to third-party services (booking, payments, social). Those services have their own privacy policies. We’re not responsible for their practices — read theirs before you click.
Data breaches & notice: If a breach affecting your personal data occurs, we will. Investigate immediately | Contain the breach. | Notify affected users without undue delay and, if required, within regulator timelines (e.g., GDPR: 72 hours). | Offer remediation steps and next actions.
International transfers: If data is transferred outside your country (e.g., U.S. vendors), we will use appropriate safeguards (standard contractual clauses, adequate protections) per law.
California residents (CCPA/CPRA) — quick summary: You may request access, deletion, and opt-out of sale/targeted advertising. | No discriminatory treatment for exercising rights. | To submit requests: clumpkin@hotmail.com. Provide sufficient info to verify.
Changes to this policy: We may update this policy. Material changes will be posted with a new Effective date and, where appropriate, notified by email.
Contact & complaints: Privacy contact: nclumpkin@hotmail.com
Right to Refuse or Terminate Services: Salt, Stillness & Strength (featuring Harbor Strength) maintains a strict zero-tolerance policy for harassment, discrimination, intimidation, stalking, or any conduct that puts staff, members, or other clients at risk. We may, at our sole discretion, refuse service to any individual or terminate sessions immediately — without prior warning — when we determine that continued interaction would be unsafe, disruptive, or inconsistent with our values and policies. Termination decisions may be based on reports, documented behavior, incidents witnessed by staff, or credible third-party information. We will document the reason for termination and retain records in accordance with our data retention policy. Any refund eligibility will be assessed under our refund and cancellation terms.