Privacy Policy

Last updated: 04/15/2025

Introduction

This Privacy Policy outlines how your data is collected and handled when you visit our website. Henceforth, "we", "us", and "our" refer to All Around Fitness Studio, LLC and its staff.

1. Collection

Certain data is collected implicitly and some is collected explicitly. Data that is collected implicitly is data that we do not specifically request, it is done automatically by the hosting server for its functionality. Data that is collected explicitly typically requires explicit consent to be shared with us.

What We Collect

• IP addresses: Used for server request handling and logging. It is not explicitly collected.
• Pages visited: Used for handling page delivery. It is not explicitly collected outside of a visitor count. The visitor count is provided as a function of our CMS software, Grav.
• Name: Collected when you use the "contact us" form. It is collected with explicit consent, you have no obligation to use the form or your real name.
• Email address: Collected when you use the "contact us". It is collected with explicit consent, you have no obligation to use the form or your real email.
• Basic browser details: Collected automatically when you visit our site. It is not explicitly collected.

What We Do Not Collect

• Personally identifiable information: Outside of the contact form which requires your explicit input to be processed, we do not go out of our way to collect your name, phone number, email address, mailing address, or any other identifiable information on this website.
• Tracking information: We do not use cookies or other tracking technologies, either or own or through third parties, to collect information about your browsing habits beyond this website. On this website, we only track that you visited and do not collect specific information about pages you visit, for how long, and what media you look at.
• Advanced analytics: We do not use any analytics technologies, third party or otherwise. The backend software used by this website can track visitor count, but it does not include specific information.
• Location data: Beyond your IP address, which is not explicitly collected, we do not use location services to identify your physical location.
• Device or browser information: Beyond what is required for the site's function, we do not collect information about what device or web browser you use to visit the site.

2. Use of Data

Both implicitly and explicitly collected data is used in certain ways to provide functionality and services, but only explicitly collected data is directly used by us.

• Implicitly collected data (IP address, page/media viewed, device screen size, etc.) is only only used to facilitate the proper operation of the website, such as page delivery, properly scaled page rendering, and photo and video loading. We do not use it in any other way. It is not shared with nor sold to third parties.
• Name and email: This is used to address back to you in communications. It is not sold nor shared with third parties
• Visitor count: We primarily use this information internally only and it does not contain personally identifiable information about any of the visitors.

3. Security of Your Data

We take security very seriously. Only the most up-to-date protocols and algorithms are employed when you access our frontend or when we access our backend.

• Modern TLS is used when you access our server. We only support the most secure TLS 1.2 ciphers and TLS 1.3 to prevent downgrade attacks. We also use a TLS certificate based on NIST EC P-256 (aka prime256v1 or secp256r1) instead of the aging RSA algorithm for efficiency and security futureproofing.
• Modern SSH cipher suites and key exchanges are used by us on our backend servers for maximum login security. Similar to TLS, only the most modern and secure algorithms are used to prevent downgrade attacks. We use Ed25519 keys for logins.
• Internal security policies are in place within our server to mitigate breaches and remote takeovers of our server. Even in the event of a breach, damage would be minimal, as we do not collect sensitive information to begin with.

4. Handling of Your Data

We comply with US data retention laws and are guided by international laws of similar purpose. We retain your contact information only as long as necessary to fulfill your requests, unless you request deletion.

5. Deletion of Your Data

You are free to request explicitly collected data to be deleted at any time. You may use any contact method, so long as it provides a method to identify yourself, to make this request. Afterwards, we will scrub through all of our records to remove your information from our records, including the deletion request.