Privacy Policy

Last updated: June 25, 2026

1. Introduction

Kourted ("we," "us," or "our") operates the Kourted website at kourted.com and the Kourted mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information You Provide

  • Account information: name, email address, phone number, and profile details when you create an account.
  • Phone number and SMS: if you provide your mobile phone number, we may send you text messages (SMS) related to your account and activity, such as booking confirmations, schedule changes, class cancellations or rescheduling, waitlist updates, class or program sign-up notifications, and other transactional or service messages. We send SMS only to numbers that have been provided for this purpose. Message and data rates may apply, and message frequency varies. You can opt out of SMS at any time by replying STOP, and reply HELP for help.
  • Payment information: when you make a payment, we collect billing details such as your name, billing address, and payment method type. Depending on how you pay, this may include credit or debit card details, bank account information (for ACH transfers), Apple Pay, Google Pay, or Link credentials. All payment information is processed securely through Stripe — we do not store your full card numbers, bank account numbers, or payment credentials on our servers.
  • Club and membership data: organizations you join, memberships, bookings, class registrations, dates of birth provided for membership registration, and related activity.
  • Class registration and health information: when you register yourself or others for a class, you may provide participant names, an emergency contact (name, phone, email, and relationship), and health information such as allergies, medical conditions, or related notes. We use this information solely to administer your registration and to support participant safety during in-person activities, and we share it only with the Club running the class. We do not use health information for advertising or marketing.
  • Communications: messages, feedback, or support requests you send us.

Information Collected Automatically

  • Device information: basic technical details such as device type and operating system, used to deliver and troubleshoot the Service.
  • Push notification identifiers: if you opt in to receive notifications, we store a push token so we can deliver them.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process payments and manage bookings.
  • Send transactional notifications (e.g., booking confirmations, schedule changes).
  • Send SMS / text messages related to your account and activity (e.g., booking confirmations, schedule changes, and class or program sign-up notifications) to the mobile number you provide.
  • Send push notifications you have opted in to receive.
  • Improve and personalize your experience.
  • Respond to support requests and communicate with you.
  • Detect and prevent fraud or abuse.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share data with:

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. We do not sell, rent, or share your mobile phone number or your SMS / text messaging consent (opt-in) data with any third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent are never shared with any third party. Phone numbers collected for SMS are used only to deliver the messages you have consented to receive, and are shared only with our SMS delivery provider (Twilio) for the sole purpose of sending those messages on our behalf.

  • Club organizers: your name, membership status, and booking activity are visible to the clubs and organizations you join through the Service.
  • Payment processors: Stripe processes your payment information — including card, bank account, Apple Pay, Google Pay, and Link transactions — under their own privacy policy.
  • Service providers: hosting (Vercel), database and authentication (Supabase), sign-in providers you choose to use (Apple, Google), push-notification delivery (Expo, Apple APNs, and Google FCM), and SMS / text message delivery (Twilio) that help us operate the Service, bound by confidentiality obligations.
  • Legal compliance: when required by law, regulation, or legal process.

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase and Vercel. We use industry-standard security measures including encryption in transit (TLS) and at rest. While no system is perfectly secure, we take reasonable steps to protect your information.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we permanently delete your personal data, except where we are required to retain certain information to comply with legal, tax, accounting, or regulatory obligations, to resolve disputes, or to enforce our agreements. Payment and transaction records may be retained by our payment processor (Stripe) as required by law.

7. International Data Transfers

We are based in the United States, and our service providers (including Supabase and Vercel) store and process data on servers located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for these transfers.

8. Your Rights and Choices

  • Access and update: you can view and edit your profile information within the app at any time.
  • Delete your account: you can request account deletion from within the app. Deletion permanently removes your personal data, except where retention is required by law.
  • Notifications: you can manage or disable push notifications through your device settings or in-app notification preferences.
  • Data portability: you may request a copy of your data by contacting us.

9. Your GDPR Rights (EEA and UK)

If you are located in the European Economic Area or the United Kingdom, you have the right to access, correct, or delete your personal data; to restrict or object to processing; to data portability; and to withdraw consent at any time. The legal bases on which we process your data are: performance of our contract with you (to provide the Service); your consent (for example, push notifications and any health information you choose to provide); our legitimate interests (to operate, secure, and improve the Service); and compliance with legal obligations.

To exercise these rights, contact us using the details in the "Contact Us" section. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it; to request access to and deletion of your personal information; to correct inaccurate information; and not to be discriminated against for exercising these rights. The categories of personal information we collect and our purposes are described in this policy.

We do not sell or share your personal informationas those terms are defined under California law, and we do not use sensitive personal information (such as health information) for purposes other than providing the Service. To exercise your rights, contact us using the details in the "Contact Us" section.

11. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13. Some features (such as family memberships or class registrations) allow an adult account holder to provide information about minors, including names and dates of birth. The adult who provides this information is responsible for it and confirms they are authorized to share it. If we become aware that we have collected data from a child under 13 other than as provided by a parent or guardian, we will delete it promptly.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or your data, you can contact us at:

Email: support@kourted.com