Legal

Privacy Policy

Strongirlys Pte. Ltd. · Last updated: March 2025 · Singapore

At Strongirlys Pte. Ltd., we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, programmes, and online classes. Please read it carefully. By engaging with our services, you agree to the terms described below.

Who We Are

Strongirlys Pte. Ltd. ("Strongirlys", "we", "us", or "our") is a women's fitness coaching company incorporated in Singapore. We provide personal training programmes, online fitness classes, gym pod access, and related wellness services.

We are the data controller responsible for the personal data we hold about you. This policy applies to all individuals who visit our website, purchase our services, participate in our classes, or otherwise interact with us.

Data We Collect

We collect the following categories of personal data:

Identity & Contact Data — Full name, email address, phone number, and WhatsApp contact details.
Payment Data — Billing address, payment card details, and transaction history. Payment data is processed securely via Stripe and is not stored on our servers.
Health & Fitness Data — Information you voluntarily provide including fitness goals, current fitness level, health conditions, injuries, dietary preferences, and progress metrics. This is considered sensitive personal data and is handled with heightened care.
Media Data — Photos and videos you share with us for coaching feedback, or that are captured during online or in-person sessions (with your consent).
Location Data — General location information when you book or access our gym pod facility, or as provided by your device when interacting with our services.
Technical Data — IP address, browser type, device identifiers, and website usage data collected via cookies and analytics tools.
Communications Data — Messages, emails, and WhatsApp communications you send to us.

How We Collect Your Data

We collect personal data through the following means:

Direct interactions — When you fill in forms, purchase a programme, book a class, or contact us via email, WhatsApp, or Instagram DM.
Online class participation — When you join sessions via Zoom or our online class platform, your name and video feed may be visible to the coach and other participants.
Payment processing — When you complete a purchase through our Stripe-powered checkout.
Email communications — When you subscribe to our mailing list or receive programme updates via our email marketing platform.
Social media — When you interact with us on Instagram or send us a message via social platforms.
Automated technologies — Cookies, web beacons, and similar tracking technologies on our website.

How We Use Your Data

We use your personal data for the following purposes:

Delivering our services — To provide coaching programmes, online classes, gym pod access, and personalised fitness plans.
Processing payments — To complete transactions and issue receipts via Stripe.
Communication — To respond to enquiries, send programme updates, class reminders, and administrative notices via email or WhatsApp.
Marketing — To send you promotional content, new programme announcements, and community updates where you have given consent. You can opt out at any time.
Personalisation — To tailor workout plans, coaching feedback, and class recommendations based on your health and fitness data.
Safety & compliance — To ensure the safety of participants during classes and gym pod use, and to comply with applicable laws.
Improvement of services — To analyse usage patterns and improve our website, classes, and coaching quality.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Legal Basis for Processing

Under Singapore's Personal Data Protection Act 2012 (PDPA), we process your personal data based on the following grounds:

Consent — You have given us clear consent to process your data for specific purposes, including marketing communications and the handling of health data.
Contractual necessity — Processing is necessary to fulfil a contract with you, such as delivering a programme or processing a payment.
Legitimate interests — We have a legitimate business interest in processing your data, such as improving our services, provided this does not override your rights.
Legal obligation — Where we are required by law to retain or process certain data.

Sharing Your Data

We do not share your personal data with third parties except in the following circumstances:

Service providers — We share data with trusted third-party platforms that help us operate our services (see Section 7). These providers are contractually obligated to protect your data.
Legal requirements — We may disclose your data if required by law, court order, or regulatory authority.
Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with appropriate notice given to you.
With your consent — We may share your data for purposes not listed here with your explicit consent.

We never sell, rent, or trade your personal data to marketing companies or unrelated third parties.

Third-Party Platforms

We use the following third-party platforms as part of our operations. Each has its own privacy policy which governs their use of your data:

Stripe — Payment processing. Your payment data is handled directly by Stripe and subject to their Privacy Policy.
Zoom — Online class delivery. Session recordings (if any) are disclosed to participants in advance.
WhatsApp (Meta) — Client communication. Messages are end-to-end encrypted.
Instagram (Meta) — Social media engagement and client enquiries.
Email marketing platform — Used to send newsletters and programme updates to subscribers who have opted in. You may unsubscribe at any time.

Health & Sensitive Data

Health and fitness information — including details about medical conditions, injuries, physical limitations, or dietary requirements — is considered sensitive personal data. We collect this solely to provide safe, personalised coaching.

We will never share your health data with any third party without your explicit written consent, except where required by law or in a genuine emergency situation.

Health data is stored securely, accessible only to your assigned coach, and deleted within 12 months of your programme ending unless you request otherwise or we are legally required to retain it.

Photos & Videos

We may capture or receive photos and videos in the following contexts:

Progress photos — Shared by you voluntarily for coaching feedback. These are stored securely and never shared publicly without your explicit consent.
Online class recordings — Zoom sessions may be recorded for quality review purposes only. You will be notified before any session is recorded, and you may opt out.
Testimonials & marketing — We will only use your image or video in promotional materials with your express written consent. You may withdraw consent at any time.

You have the right to request deletion of any photos or videos we hold of you at any time.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:

Client records & communications — 3 years from last engagement.
Payment records — 7 years, as required by Singapore financial regulations.
Health & fitness data — 12 months after programme completion, unless extended at your request.
Marketing data — Until you unsubscribe or withdraw consent.
Photos & videos — Until you request deletion or withdrawal of consent.

Your Rights

Under the PDPA and applicable data protection law, you have the following rights:

Right to access — You may request a copy of the personal data we hold about you.
Right to correction — You may request that we correct inaccurate or incomplete data.
Right to withdrawal of consent — You may withdraw consent to any processing based on consent at any time.
Right to data portability — Where technically feasible, you may request your data in a structured, machine-readable format.
Right to erasure — You may request deletion of your data where there is no legitimate reason for us to continue processing it.
Right to opt out of marketing — You can unsubscribe from marketing communications at any time.

To exercise any of these rights, please contact us using the details in Section 15. We will respond within 30 days.

Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or disclosure:

All payment transactions are encrypted via SSL/TLS and processed through Stripe's PCI-DSS compliant infrastructure.
Access to client data is restricted to authorised personnel only.
We use password-protected systems and secure cloud storage for client files.
We do not transmit sensitive health data via unencrypted channels.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities within the timeframes required by the PDPA.

Children's Privacy

Our services are intended for individuals aged 18 years and above. We do not knowingly collect personal data from anyone under the age of 18 without verifiable parental or guardian consent.

If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify active clients via email where the changes are significant.

Your continued use of our services after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Strongirlys Pte. Ltd.

Singapore

Email: privacy@strongirlys.com