Legal

Privacy Policy

**Draft — April 2026. This document has not been reviewed by a solicitor and does not constitute legal advice. It must be reviewed before the business opens to the public.**

1. Who We Are

Reclusion operates a private gym facility on High Street, Dorking, Surrey. Our website is www.reclusion.co.uk. For questions about this policy or your personal data, contact us at hello@reclusion.co.uk.

2. What Information We Collect

We collect the following categories of personal data:

Account information

- Full name, email address, and phone number provided when you create an account

Booking data

- Sessions booked, booking type, dates and times, number of participants, booking status

Health and safety data

- Health declaration (PAR-Q responses), emergency contact details, waiver acceptance records

Payment references

- We receive confirmation of payment from our payment processor (Stripe). We do not store your full card number or CVV.

Access and usage data

- Access code generation and delivery records, access event logs

Communications data

- Records of emails and SMS messages sent to you in connection with your bookings

Technical data

- IP address at the time of waiver signing (for audit purposes), browser and device information collected by analytics tools

3. How We Use Your Information

We use your personal data for the following purposes:

  • To create and manage your account
  • To process and confirm your bookings
  • To generate and deliver access codes for your sessions
  • To send booking confirmations, reminders, and service notifications
  • To maintain health and safety records required for the lawful operation of the facility
  • To process cancellations and refunds
  • To investigate complaints or incidents
  • To analyse usage of the website and booking system and improve the service
  • To comply with our legal obligations

4. Legal Basis for Processing

We process your personal data on the following legal grounds (UK GDPR):

  • Contract — processing your booking data and account information is necessary to perform the service you have requested
  • Legal obligation — we are required to maintain certain health and safety records
  • Legitimate interests — we have a legitimate interest in operating the facility safely, preventing fraud, and improving our service
  • Consent — where you have given consent, for example to receive marketing messages

5. Cameras and Monitoring

The gym training area is not monitored by cameras. A camera may monitor the entrance area from inside the premises for the purposes of safety, access control, and incident review only. Footage is retained for a limited period and is not shared except where required by law or for the investigation of an incident.

6. Who We Share Data With

We share your data only where necessary:

  • Stripe — payment processing (subject to Stripe's own privacy policy)
  • Resend — transactional email delivery
  • Twilio — SMS message delivery
  • Supabase — cloud database and authentication provider
  • Vercel — website hosting
  • Google Analytics — anonymised website usage statistics
  • Law enforcement or regulatory bodies where required by law

We do not sell your personal data.

7. How Long We Keep Your Data

We retain your data for as long as your account is active and for a reasonable period thereafter, or as long as required to meet our legal and operational obligations. Health and safety records (including health declarations, waivers, and emergency contacts) may be retained for longer periods in line with industry practice.

8. Your Rights

Under UK data protection law you have the right to:

  • Access a copy of the personal data we hold about you
  • Correct any inaccurate or incomplete data
  • Erase your data in certain circumstances
  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances
  • Data portability in certain circumstances
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at hello@reclusion.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All data is stored within Supabase's secure cloud infrastructure. Access to production data is restricted to authorised personnel only.

10. International Transfers

Some of our service providers (including Stripe, Resend, and Twilio) may process data outside the UK. Where this occurs, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

11. Children

Our service is not intended for anyone under the age of 18. We do not knowingly collect personal data from anyone under 18.

12. Changes to This Policy

We may update this policy from time to time. If we make material changes we will notify registered users by email. The date at the top of this document indicates when it was last updated.

13. Contact

For any questions about this Privacy Policy or how we handle your data, please contact us at hello@reclusion.co.uk.