The Pilates Project Digital Privacy Policy
Effective Date: October 17, 2025
This Privacy Policy explains how The Pilates Project LLC (“The Pilates Project,” “we,” “us,” or “our”) collects, uses, stores, and protects your information when you interact with our websites, apps, and digital services (collectively, the “Services”).
The Pilates Project LLC is the controller of your personal data and operates globally in accordance with international privacy standards, including the GDPR and PDPA.
1. AI-Powered Features and Data Processing
Certain features within The Pilates Project are powered by the Mana Platform, an AI-enabled system that supports personalized recommendations, journaling, chat-based interactions, and other intelligent features.
When users interact with these AI features, the textual or contextual information provided is securely transmitted to the Mana Platform’s servers and processed by language models through encrypted API connections (such as OpenAI API). These systems analyze user input solely to generate responses or recommendations within the app.
The Pilates Project remains the Data Controller for all personal data processed through its digital products. The Mana Platform operates as a Data Processor, providing AI-powered features under The Pilates Project’s instructions. AI-generated responses are for informational and wellness purposes only and do not constitute medical, psychological, or professional advice.
2. Pseudonymization & Data Minimization
Before any personal information is transmitted for AI processing, all personally identifiable information (PII) is pseudonymized or tokenized. This ensures that data sent to AI systems cannot identify a specific individual without additional information held securely by The Pilates Project.
We collect and process only the minimum amount of data necessary to provide personalized experiences, in accordance with the principles of data minimization and privacy by design.
3. Contextual & Personalized Experiences
The Mana Platform may use limited contextual information — such as user preferences, workout history, cycle-tracking data, or mood selections — to deliver tailored recommendations, content suggestions, or insights. This automated processing is designed to enhance user experience and does not constitute automated decision-making that produces legal or significant personal effects under GDPR Article 22.
4. Information We Collect
We collect information necessary to deliver our Services and improve user experience:
- Account Information: name, email, password, and subscription details.
- Payment Information: handled securely through third-party processors (e.g., Stripe).
- Device & Usage Data: IP address, browser or device type, time zone, and pages viewed.
- User Preferences & Activity: workout history, cycle-tracking data, favorites, and engagement analytics.
- Communications: messages or inquiries sent to our support team or via in-app forms.
We may use cookies and analytics tools (e.g., PostHog) to measure performance and enhance experience. These do not include personally identifiable information.
5. How We Use Information
We process data to:
- Deliver and personalize our Services.
- Improve platform functionality and AI-based recommendations.
- Communicate with you about updates or support.
- Maintain compliance, security, and fraud prevention.
- Fulfill legal, tax, or accounting obligations.
We may also send service-related communications and, where you have consented, marketing updates. You can unsubscribe at any time by following the instructions in the message or contacting us directly.
6. Legal Basis for Processing
Depending on context, we rely on:
- Consent – for marketing or AI features you opt into.
- Contractual necessity – to provide subscriptions and core functionality.
- Legitimate interests – to improve and secure our Services.
- Legal obligation – where required by law or regulation.
7. How We Share Information
We share data only with trusted service providers who act under strict confidentiality and data-protection terms, such as:
- Supabase, Inc. – database and authentication
- Stripe, Inc. – payment processing
These partners process data solely to enable core functionality within The Pilates Project platform. We never sell or rent user data.
8. Sub-Processors & Security
The Pilates Project uses trusted third-party service providers (“sub-processors”) to operate its digital and AI features securely and efficiently. These may include:
- OpenAI, L.L.C. – AI model processing
- Supabase, Inc. – database and authentication
- Amazon Web Services, Inc. (AWS) – cloud infrastructure
- PostHog, Inc. – product analytics
All sub-processors are bound by strict data-protection obligations consistent with GDPR and industry standards. Data is transmitted and stored using end-to-end encryption and modern security protocols.
9. Data Transfers
Data may be processed or stored in different jurisdictions where we operate. All transfers follow international safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms ensuring GDPR-level protection.
10. Data Retention
AI interaction data (such as chat history or journaling entries) is stored securely within The Pilates Project’s database hosted on Supabase and may be retained for as long as a user account remains active or as required for service delivery.
When you request deletion, we permanently remove or anonymize your personal data within 30 days. Backup copies may persist for up to 90 days as part of standard disaster-recovery procedures before being overwritten.
11. Security Measures
We employ industry-standard safeguards, including:
- Encryption in transit and at rest
- Secure authentication and access controls
- Regular audits and limited employee access
Access to personal data is restricted to authorized personnel and contractors under confidentiality agreements.
No online system is entirely immune, but we continually monitor and update our protections.
12. Children’s Privacy
Our Services, including AI features, are not directed to children under 16.
If we learn that personal data from a minor has been collected, it will be deleted promptly.
13. Links to Third-Party Platforms
Our Services may include integrations or links (e.g., Stripe checkout, social media). These third-party platforms operate under their own privacy policies.
We are not responsible for the privacy practices or content of third-party platforms and encourage you to review their policies before sharing any personal data.
14. User Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your data.
- Withdraw consent for processing.
- Request data portability.
- Object to certain processing activities.
To exercise these rights, contact hello@wearetpp.com.
15. Updates
This Policy may be updated from time to time to reflect new technologies or regulatory changes.
If material changes affect how we process your personal data, we will request renewed consent where required by law.
Any material updates will be communicated through the app, website, or by email. Continued use of the Services after such changes constitutes acceptance of the revised terms.
16. Applicable Law
This Policy is governed by the laws of Wyoming, United States, and complies with applicable international privacy regulations, including GDPR and PDPA.
While this Policy is governed by Wyoming law, individuals located in jurisdictions such as the European Economic Area, United Kingdom, or Singapore retain the rights granted to them under their respective data-protection laws.
17. Contact
For any privacy questions or data-related requests:
📩 hello@wearetpp.com
🏢 The Pilates Project LLC, 30 N Gould Street, Sheridan, WY 82801, USA