Privacy Policy

Effective Date: September 5, 2025 

Last Updated: September 5, 2025 

This Privacy Policy explains how HOLD Fitness Group, Inc. dba HOLD Studio ("HOLD," "we," "us," or "our") collects, uses, and shares personal information when you visit or make a purchase from our online store (the "Site"). By using the Site, you agree to the practices described here. 

Note: This policy is provided for general information and is not legal advice. Certain rights and disclosures vary by jurisdiction. Where local laws provide stronger protections, those controls apply. 

1) Scope 

This policy covers personal information processed via the Site, checkout, customer accounts, customer support, marketing emails/SMS (if you opt in), and apps connected to our store. It does not cover independent third‑party websites or services we link to. 

2) Who We Are & Contact 

Controller: HOLD Fitness Group, Inc. dba HOLD Studio 

Mailing Address: Placentia, California, USA 

Email: hello@holdfitness.com 

Data Protection Contact: hello@holdfitness.com 

3) Personal Information We Collect 

(A) Information you provide 

● Account & profile (name, email, password, addresses, phone) 

● Orders & payments (order details; last 4 digits of card, tokenized payment IDs via our processors) 

● Customer support (messages, returns information, photos you choose to send) ● Marketing preferences (email/SMS opt‑ins, interests) 

● Content you submit (product reviews, survey responses, UGC with consent) 

Sensitive information: We do not intentionally collect health or other sensitive personal information via the Site. Please avoid submitting such details. If you voluntarily provide any, we will process it only to the extent necessary to respond to your request and as permitted by law.

(B) Information collected automatically 

● Device & usage data (IP address, browser, device type, operating system, referral URLs, pages viewed, time stamps) 

● Cookies & similar technologies for essential functions (cart, checkout), analytics, and (if enabled) ads/retargeting. See Section 10 for cookies. 

(C) Information from third parties 

● Stripe (our ecommerce platform) provides device/order/fraud prevention signals. ● Payment processors (e.g., Shop Pay/Stripe/PayPal) provide payment tokens and status. 

● Fulfillment/shipping partners (carriers, 3PL) provide tracking and delivery updates. ● Marketing/analytics tools (e.g., email service providers, ad platforms) provide campaign metrics and audience insights within applicable law. 

4) How We Use Personal Information 

● Provide the Site & fulfill orders (process payments, shipping, returns) ● Customer support & communications (service notices, responses) ● Personalize & improve (optimize content, features, and product recommendations) ● Marketing (email/SMS if you opt in; ads/retargeting if cookies are enabled) ● Security & fraud prevention (detect, investigate, and prevent fraud/abuse) ● Compliance (legal obligations, recordkeeping, tax, accounting) 

5) Legal Bases (EEA/UK/Switzerland only) 

● Contract: to fulfill orders and provide services 

● Legitimate interests: to secure, improve, and market our services (balanced with your rights) 

● Consent: for email/SMS marketing and non‑essential cookies/ads (you may withdraw consent) 

● Legal obligation: for tax, accounting, and compliance records 

6) How We Share Personal Information 

We share the categories of personal information described in Section 3 with: 

● Service providers/Processors: e.g., Shopify (store hosting/checkout), payment processors, email/SMS platforms, analytics, IT/cloud, shipping/fulfillment, customer support tools 

● Advertising/marketing partners: if we run ads or retargeting (subject to consent where required)

● Professional advisors & authorities: auditors, legal counsel, regulators, law enforcement (as required) 

● Business transfers: in a merger, acquisition, or asset sale, information may be transferred as permitted by law 

We do not sell personal information for money. If we use advertising cookies or share identifiers with ad partners, that may constitute a “share” or “sale” under some state laws; see Sections 9–10 for opt‑out controls. 

7) Retention 

We keep personal information no longer than necessary for the purposes above, including to comply with legal, accounting, or reporting requirements. Typical retention periods: 

● Orders & tax records: 7 years 

● Account & support records: up to 5 years after last interaction 

● Marketing data: until you unsubscribe or after 24 months of inactivity ● Cookie‑level data: per cookie lifespan (see Section 10) 

8) Your Privacy Rights 

Your rights vary by location and may include: 

● Access/Know what we collect and how we use it 

● Correct inaccurate information 

● Delete information (subject to legal exceptions) 

● Portability of certain data 

● Opt‑out of targeted advertising/“sharing”/“selling” (as defined by state laws) ● Limit use of sensitive data (where applicable) 

● Withdraw consent (for email/SMS/cookies) without affecting prior processing 

How to exercise: Email us at [privacy@yourdomain.com] with your request and the state/country you reside in. We may need to verify your identity or authorized agent status. Residents of certain U.S. states (e.g., Colorado, Virginia, Connecticut) may have the right to appeal a decision; instructions will be provided if we decline your request. 

California residents (CPRA) – Notice at Collection: 

We collect identifiers, commercial information, internet/network activity, geolocation (approximate), and inferences for the purposes listed in Sections 4 and 6. We do not use or disclose sensitive personal information for purposes that would require a right to limit under CPRA. We may share identifiers and internet activity with advertising partners for cross‑context behavioral advertising (if enabled). You can opt‑out (see Section 9). We do not knowingly sell/share data of consumers under 16.

9) Opt‑Outs & Preferences 

● Email: click Unsubscribe in any marketing email. 

● SMS/Text: reply STOP to opt‑out; HELP for help. Message/data rates may apply. Frequency varies. (See also Section 11.) 

● Ads/retargeting (state law opt‑outs): Use our “Do Not Sell or Share My Personal Information” link (if present) or email us to request an opt‑out. We honor applicable browser signals such as Global Privacy Control (GPC)where required. 

10) Cookies & Similar Technologies 

We use: 

● Essential cookies (strictly necessary for cart, checkout, account security) ● Analytics cookies (traffic and performance) 

● Advertising cookies (if enabled; for personalized ads/retargeting) 

You can manage cookies via our cookie banner/settings or your browser. Blocking some cookies may impact site functionality, especially checkout. 

11) Text Marketing 

By opting into SMS/text marketing, you agree to receive recurring automated promotional and personalized messages at the phone number provided. Consent is not a condition of purchase. Reply STOP to cancel and HELP for help. Message frequency varies. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. We use compliant SMS providers to deliver messages; those providers process your number and messaging metadata to provide the service. 

12) Children’s Privacy 

The Site is not intended for children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us to request deletion. 

13) Security 

We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, limited retention). No method of transmission or storage is 100% secure.

14) International Data Transfers 

We are based in the United States. If you access the Site from outside the U.S., your information may be transferred to and processed in the U.S. and other countries that may have different data protection laws. Where required, we rely on appropriate safeguards (e.g., standard contractual clauses) with our service providers. 

15) Do Not Track 

Some browsers send a Do‑Not‑Track (DNT) signal. We do not respond to DNT; however, we honor GPC signals for state law opt‑outs where required (see Section 9). 

16) Changes to this Policy 

We may update this Privacy Policy from time to time. Changes take effect when posted on this page unless a later date is stated. If changes are material, we will provide additional notice as required by law. 

17) Notice of Financial Incentive (if applicable) 

If we offer a discount or benefit in exchange for your personal information (e.g., email sign‑up), we will describe the material terms of the program at sign‑up, including the categories of personal information collected and instructions to opt‑out at any time. We reasonably estimate the value of the program based on related expenses and anticipated revenue from personal information.