D
DojoOS

Legal

Privacy Policy

Last updated: April 22, 2026

1. Who we are

DojoOS ("we", "us") provides software for martial arts schools, gyms, and studios to manage members, schedules, billing, and operations. This policy explains how we handle personal information.

2. Information we collect

We collect:

  • Account info: name, email, phone, password hash.
  • Gym data: information about your gym (name, branding, locations, classes).
  • Member data: information you and your members upload (profiles, attendance, waivers, ranks, billing details).
  • Usage data: log data, device info, IP address, and analytics about how the Service is used.
  • Payment data: handled by our payment processor (Stripe); we do not store full card numbers. For payments collected from your members, the gym's connected Stripe account is the merchant of record.
  • Communications: emails we send to you and your members (welcome, trial reminders, receipts, payment-failure notices) are logged for delivery diagnostics and audit. Members can opt out of non-transactional marketing emails at any time.

3. How we use it

  • Provide and operate the Service.
  • Process payments and send transactional emails (receipts, account notices, reminders).
  • Provide customer support and respond to inquiries.
  • Improve, secure, and monitor the Service.
  • Comply with legal obligations.

We do not sell personal information.

4. Roles

For data your gym uploads about its members, your gym is the controller and DojoOS is the processor. We process member data only on your gym's instructions to deliver the Service.

For payments collected from members, the gym owns the connected payment processor account (e.g. Stripe). The gym — not DojoOS — is the merchant of record and the controller of that payment data. DojoOS never holds member funds and does not store full card numbers; payment details are handled by the gym's processor.

5. Sharing

We share data only with vetted subprocessors needed to operate the Service (hosting, database, email delivery, payment processing, authentication) under contractual confidentiality. See our subprocessors list for the full inventory. We may disclose information when required by law or to protect rights and safety.

5a. Cookies & analytics

We use a small number of cookies and similar technologies that are strictly necessary to keep you signed in and remember UI preferences (e.g. light/dark mode, kiosk mode). We do not use third-party advertising cookies or sell behavioral data. If we add product analytics in the future, we will update this section and, where required, request consent.

6. Retention

We retain account and gym data while your account is active. After termination we retain data for up to 90 days in primary systems (and longer in encrypted backups for up to 12 months) for legal compliance and dispute resolution, then delete or anonymize it. Email delivery logs are retained for up to 24 months. Connected Stripe accounts and the records held there remain under the gym's control independent of DojoOS.

7. Security

We use industry-standard safeguards including encryption in transit (TLS), tenant isolation via Postgres row-level security, hashed passwords, signed webhook verification for billing events, and least-privilege staff access. Read more on our security page. No system is perfectly secure; please use a strong, unique password and enable any available account protections.

8. Your rights

Depending on your jurisdiction (e.g. GDPR, CCPA) you may have the right to access, correct, export, or delete personal information about you, and to object to certain processing. To exercise these rights, contact us. If you are a member of a gym using DojoOS, please contact your gym first as they control your data.

9. International transfers

Our infrastructure may store and process data in the United States and other countries. Where required, we use appropriate safeguards for international transfers.

10. Children

The Service is not directed to children under 13. Gyms may upload information about minor members under their guardians' authority; gyms are responsible for obtaining required consents.

11. Changes

We may update this policy; material changes will be communicated by email or in-app notice.

12. Contact

Questions about this policy? Contact us or email privacy@dojoos.io.