HomeClassesFavoritesCourses

Privacy Policy

Effective Date: October 24 2025

Last Updated: October 24 2025

1. Who We Are

Primal Moves ("we", "our", "us") is a UK-based fitness and movement training company offering classes, events, and online training through our websites:

Primal Moves Ltd is registered in Essex, United Kingdom, and operates franchise studios in Spain, Portugal, and the United States.

For any privacy-related requests, please use the contact form on our website. This ensures your message is routed securely and handled by the appropriate team.

2. Information We Collect

2.1 Information You Provide Directly

When you:

  • Register for a class, event, or membership
  • Create an account on the training app
  • Subscribe to our newsletter
  • Contact us through our website forms

we may collect:

  • Name
  • Email address
  • Password (hashed)
  • Payment and billing details (processed securely by our payment provider)
  • Training preferences or profile details (optional)

2.2 Automatically Collected Data

When you visit our sites or use the app, we automatically collect:

  • IP address and approximate location (for analytics and security)
  • Browser and device information
  • Pages visited and session duration
  • Referral source (e.g. search, social media)
  • Video playback events and interaction logs (on the training app)

This data is collected using cookies and similar technologies (see Section 6).

3. How We Use Your Data

We use personal data to:

  • Deliver and improve our training services
  • Manage user accounts and preferences
  • Send transactional updates (e.g. confirmations, password resets)
  • Send marketing communications if you have opted in
  • Analyse usage to enhance site and app performance
  • Maintain platform security and prevent misuse

We do not sell or rent your personal data.

4. Legal Basis for Processing (EU/UK Users)

We process personal data based on:

  • Contract: to deliver the services you requested.
  • Consent: for newsletters, marketing, and cookies.
  • Legitimate interest: for analytics, usability, and fraud prevention.
  • Legal obligation: for record-keeping and compliance purposes.

5. Data Sharing and Third-Party Services

We work with trusted third parties to provide certain features:

PurposeCategoryExample ProvidersData SharedRegion
Hosting & infrastructureSecure cloud infrastructureManaged EU/UK data centresIP, usage, technical logsUK/EU
Authentication & databaseBackend platformSupabaseUser ID, profile data, usageEU
Payment processingPayment gatewayStripeBilling and transaction dataEU/US (SCCs)
Email deliveryTransactional email systemPostmarkName, email, message metadataEU/US (SCCs)
Analytics & marketingAnalytics toolsGoogle Analytics, Meta PixelIP (anonymised), usage dataEU/US (SCCs)
Video deliveryCDN & streamingBunny.netPlayback requestsEU
Security & performanceCDN and DDoS protectionCloudflareVisitor IP address, request metadataEU/US (SCCs)

We use Cloudflare to protect our sites from malicious traffic and to ensure fast, reliable global delivery. Cloudflare may temporarily process IP addresses and technical request data strictly for these purposes.

All partners are contractually bound to protect your data in line with GDPR and the UK Data Protection Act 2018.

6. Cookies and Tracking

We use cookies and similar technologies for:

  1. Essential – security, login, and checkout functions.
  2. Analytics – to understand performance and improve content.
  3. Marketing – to show relevant ads and measure campaigns.

You can manage or disable cookies in your browser or via our cookie banner.

7. Data Retention

  • Account data is kept while active and up to 24 months after closure.
  • Payment data is retained for 7 years (legal requirement).
  • Analytics data is stored for up to 26 months.

Data is then securely deleted or anonymised.

8. Your Rights (UK / EU)

You may:

  • Access and obtain a copy of your data
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent at any time
  • Request data portability

To exercise these rights, please use our website contact form.

We will respond within 30 days.

If you believe your data has been misused, you may contact the UK Information Commissioner's Office (ICO) or your local supervisory authority.

9. Data Security

We employ:

  • SSL / HTTPS encryption
  • Role-based access controls
  • Secure token-based authentication
  • Encrypted API keys and environment variables
  • Regular system audits and backups

These measures help prevent unauthorised access, disclosure, or alteration of personal data.

10. Children's Privacy

Our services are intended for adults 18+.

We do not knowingly collect information from minors.

If you believe a child has submitted data, please notify us via the contact form for removal.

11. International Data Transfers

Some partners may process data outside the UK or EU (for example, in the United States).

All such transfers follow GDPR and UK GDPR rules through Standard Contractual Clauses (SCCs) or adequacy decisions.

12. Updates

We may update this policy periodically.

The latest version will always be available at https://v2.primalmoves.com/privacy-policy.

Significant updates will be announced on-site.

13. Contact

To contact us about privacy or data protection matters, please use the contact form on our website.

Privacy Policy | Primal Moves | Primal Moves Online