Privacy Policy

Last updated: 31/03/2026

Cookies & similar technologies — what we use, why there's no marketing cookie banner, and how payments on provider sites work.

1. Who we are

My Yoga Class ("we", "us", "the Platform") is a platform that connects yoga teachers with students. We are the data controller for the personal data we process through the Platform.

2. What data we collect

We collect and process the following personal data:

Teachers: Name, email address, profile image, bio, insurance documents, bank details (if you accept bank transfer), payment links, and information about your classes, courses and retreats.
Students (yogis): Name, email address, phone number, emergency contact, medical notes (for teachers you take classes with), and booking history.
Guest bookings: Name and email for retreat or class bookings where you have not created an account.
Payment metadata: Transaction amounts, payment method (e.g. card, bank, cash), and references. We do not store full card details; card payments are processed by Stripe.

3. Legal basis

We process your data on the following legal bases under UK GDPR:

Contract: To provide the Platform, manage your account, process bookings and payments.
Legitimate interest: To improve the Platform, prevent fraud, and ensure security.
Consent: Where you have given explicit consent (e.g. marketing, if we add it).

4. Third parties

We share data with the following service providers who act as processors:

Clerk: Authentication (sign-in, account management).
Stripe: Payment processing. Card details never touch our servers.
Resend: Booking confirmation emails.
UploadThing: File uploads (e.g. insurance certificates, images).
Mapbox: Maps and location display.
Unsplash: Optional header images for classes and profiles.
Neon: Database hosting (PostgreSQL).
Polar: Subscription and billing (where enabled), including hosted checkout or customer portal flows.

Each processor is bound by data processing agreements and processes data only as we instruct.

5. Retention

We retain your data for as long as your account is active and as needed to provide the service. When you delete your account, we permanently remove your data from our systems. We maintain an audit log of deletion events (without personal data) for compliance purposes. Teachers may export yogi contact data for their own records; retention of that exported data is the teacher's responsibility.

6. Your rights

Under UK GDPR you have the right to:

Access: Request a copy of your personal data.
Rectification: Correct inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Portability: Receive your data in a structured, machine-readable format.
Object: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent.

Students (yogis) can export their data and delete their account from the Account page in the dashboard. Teachers can export yogi contact data from the Yogis page. To exercise any other right, please contact us.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

7. International transfers

Some of our processors (e.g. Clerk, Stripe, Resend) may process data outside the UK. We ensure appropriate safeguards (e.g. UK adequacy decisions, Standard Contractual Clauses) are in place where required.

8. Security

We use industry-standard security measures including encryption in transit and at rest, secure authentication, and webhook signature verification. We do not store passwords or full card details.

9. Cookies and similar technologies

We do not use third-party advertising or cross-site tracking pixels (for example Google Analytics, Meta Pixel, or similar) in our application. We therefore do not show a cookie consent banner for marketing cookies.

We do use cookies and similar storage where they are needed to run the Platform:

Authentication (Clerk): Session and security cookies (or equivalent browser storage) so you can stay signed in and so we can protect accounts.
Dashboard preference: A first-party cookie (dashboard_view) remembers whether you last used the teacher or yogi area of the dashboard, so we can send you to the right place.
Maps (Mapbox): On pages that show a map, Mapbox scripts may set cookies or use local storage to deliver map tiles and features. Mapbox is listed under third parties above.
PWA (optional): In production we may register a service worker for installable app behaviour; it does not track you across sites.

Card payments may be completed on Stripe's or another payment provider's hosted pages; their cookie practices are governed by their own policies when you are on their domain.

10. Contact

For data protection enquiries, to exercise your rights, or to contact our data protection representative, please use the contact details provided on our website or through the Platform.