Privacy Policy

Personal Identification Info

When you join up or book sessions, we'll need your name, email, phone number, and address. Pretty standard gym stuff - we can't exactly send you membership updates via carrier pigeon.

Health & Fitness Data

This is where it gets a bit more detailed. We collect medical history, injury records, fitness goals, and performance metrics. Why? Because programming combat training without knowing you've got a bum shoulder would be irresponsible as hell. We need this to keep you safe and progressing.

Payment Information

Credit card details, billing addresses, transaction history - the usual financial stuff. We use secure payment processors (not storing your full card numbers on our end), but we do keep records of what you've paid for and when.

Usage & Technical Data

Website visits, IP addresses, browser types, pages you check out. Also includes facility access logs (when you check in), equipment usage if you're tracking it through our app, and class attendance records.

Communications

Any emails, messages, or feedback you send our way gets stored. We're not reading your private convos, but if you email us about something, yeah, we keep that on file.

Here's what we actually do with your data:

• Program Design: Your health info and goals help us build training programs that won't wreck you. Our coaches reference this stuff constantly to adjust your workouts.
• Communication: Class schedule changes, facility updates, appointment reminders. We're not bombarding you with spam - just keeping you in the loop about stuff that matters.
• Billing & Payments: Processing memberships, charging for sessions, handling refunds when necessary. Financial record-keeping is legally required anyway.
• Safety & Liability: Emergency contacts, medical conditions, injury tracking. If something goes wrong during training, we need to know your history and who to call.
• Facility Management: Tracking capacity, managing equipment, scheduling classes. Helps us avoid overcrowding and make sure there's enough gear to go around.
• Service Improvement: Figuring out what's working and what's not. If nobody's signing up for a particular class, we'll probably drop it.
• Legal Compliance: Tax records, liability waivers, regulatory requirements. The boring but necessary stuff.

We're not using your data for anything weird or unrelated to running the gym. If that changes, we'll update this policy and let you know.

We don't sell your info - period. That said, we do share data with certain third parties when absolutely necessary:

Service Providers

Payment processors (Stripe, Square), email services (for newsletters and updates), cloud storage providers, and scheduling software. These companies are contractually obligated to protect your data and can't use it for their own purposes.

Legal Requirements

If we get a valid subpoena or court order, we'll comply with the law. Also, if there's a genuine safety emergency, we might share info with first responders or medical personnel.

Business Transfers

If we ever sell the gym or merge with another facility (not planning on it, but you never know), your membership data would transfer to the new owners. You'd be notified beforehand.

With Your Consent

Sometimes we might want to feature your progress photos or testimonials. We'll always ask permission first, and you can say no without any consequences to your membership.

Our website uses cookies - those little text files that remember who you are when you visit. Nothing sinister, just practical stuff:

• Essential Cookies: Keep you logged in, remember your cart if you're buying a membership online, basic site functionality.
• Analytics: We use Google Analytics to see which pages people visit and how they found us. Helps us know if our marketing's working or if we're just throwing money away.
• Preferences: Remember settings like language choice or if you've dismissed certain pop-ups.

You can disable cookies in your browser settings, but some parts of the site might not work properly. Most browsers also have "Do Not Track" settings we'll respect.

We're not using any creepy retargeting pixels that follow you around the internet. If you see our ads elsewhere, it's just standard geographic targeting, not because we're tracking your every move.

We take security seriously - your data's locked down tighter than our equipment at closing time:

• Encryption: All data transmitted to/from our website uses SSL/TLS encryption. Payment info gets tokenized immediately - we never see your full card numbers.
• Access Controls: Only staff who actually need access to your info can see it. Our front desk can see your contact details, but they can't access your medical history unless they're a coach working with you.
• Regular Backups: Data's backed up daily to secure servers. If something crashes, we're not losing your training history.
• Staff Training: Everyone on our team signs confidentiality agreements and gets trained on privacy protocols. We fire people who breach confidentiality - it's happened before.
• Physical Security: Paper records are locked up. Our office computers are password-protected and auto-lock when idle.

That said, no system's 100% bulletproof. If we ever suffer a data breach, we'll notify affected members within 72 hours and report it to the Privacy Commissioner as required by Canadian law.

Under Canadian privacy law, you've got some solid rights regarding your personal info:

Access Your Data

You can request a copy of everything we have on file about you. We'll provide it within 30 days, usually sooner. There's no fee unless you're making repeated requests (then we might charge a reasonable admin fee).

Correct Inaccuracies

If we've got wrong info on file - misspelled name, old phone number, outdated medical history - you can request corrections anytime. Just shoot us an email or mention it at the front desk.

Delete Your Data

You can request deletion of your personal info, with some exceptions. We have to keep financial records for tax purposes (7 years), and we'll maintain basic liability waiver info. But we'll delete what we legally can.

Opt-Out of Marketing

Don't wanna receive our newsletters or promotional emails? No problem - there's an unsubscribe link in every message, or just tell us you're out. We'll still send essential stuff like billing notices and safety alerts.

Withdraw Consent

For stuff that requires your consent (like using your photos), you can withdraw permission anytime. We'll stop using that content going forward.

To exercise any of these rights, contact us at info@nexurionbastion.info or ask at the front desk. We'll verify your identity (can't just hand over someone's data to a random person) and process your request promptly.

We don't keep your data forever - here's how long different stuff sticks around:

• Active Membership Data: Kept for the duration of your membership plus one year after cancellation. Gives us time to handle any lingering issues or if you decide to come back.
• Financial Records: Seven years minimum - that's what the Canada Revenue Agency requires for tax purposes. Non-negotiable.
• Liability Waivers: Indefinitely, sorry. Legal protection in case someone tries to sue us years later claiming an old injury.
• Training Records: Two years after membership ends. Long enough to be useful if you return, short enough that we're not hoarding ancient data.
• Medical/Health Info: Deleted one year after membership cancellation, unless you've given us updated info that superseded the old stuff (then we only keep the current version).
• Marketing Communications: Until you unsubscribe or your email bounces repeatedly. Then you're automatically removed.
• Website Analytics: 26 months, then it's auto-deleted by Google Analytics.

When we delete data, it's actually deleted - not just archived. We use secure deletion methods so it can't be recovered.

We train athletes as young as 14 (with parental consent), so here's how we handle privacy for younger members:

Parental Consent Required: Anyone under 19 needs a parent or legal guardian to sign off on membership and provide all personal information. We verify this at sign-up.

Limited Data Collection: For minors, we collect only what's absolutely necessary - emergency contacts, medical conditions relevant to training, and basic contact info. We're extra cautious here.

No Direct Marketing: We don't send promotional emails or messages directly to minors. All communications go through the parent/guardian email on file.

Photo/Video Restrictions: We never use images of minors in marketing without explicit written consent from parents. Even then, we're selective - no last names, no tagging on social media.

Parent Access: Parents/guardians have full access to their child's membership data and can request changes or deletion at any time.

When a member turns 19, we transfer account control to them and require them to review and agree to our privacy policy in their own right.

We'll update this policy occasionally - laws change, our systems evolve, new situations come up. When we make changes, here's what happens:

Minor Updates: Small clarifications or typo fixes get made without fanfare. We'll update the "Last Updated" date at the top of this page.

Significant Changes: If we're collecting new types of data, changing how we use existing info, or altering our sharing practices, you'll get direct notice via email at least 30 days before the changes take effect.

Your Options: If you disagree with major changes, you can cancel your membership without penalty during that 30-day notice period. We'll provide a prorated refund if applicable.

We'll never make changes that retroactively affect data collected under previous policy versions unless legally required to do so. Your info is governed by the policy in effect when we collected it.

Got questions about this policy? Want to exercise your privacy rights? Think we screwed something up? Let's talk: