Privacy Policy

What we collect, and what we don’t.

How NYSF handles your account info, booking data, and the few things we share with the services that help us run.

Last updated May 9, 2026

What we collect

To run NYSF as a members' building, we collect:

• Account info — name, email, phone, profession (e.g. "hair stylist"), to confirm you're a working professional.
• Booking history — which studio, when, how long, what you paid. We use this to manage availability, send confirmations, and surface remaining pack hours in your portal.
• Authentication tokens — short-lived magic-link tokens that let you sign in without a password.
• Behavioral data — pages you view on this site and tour requests you submit, via our marketing platform (GoHighLevel / LeadConnector). This helps us follow up on inquiries.

We do not store credit-card data. Card processing is handled by Square; we only see the last four digits and a token Square uses to charge it.

Sub-processors

Services we share data with to provide NYSF:

• Supabase — database + magic-link authentication
• Square — payment processing
• Resend — transactional email (booking confirmations, magic links)
• Twilio — text notifications (door-code reminders, tour confirmations)
• GoHighLevel / LeadConnector — CRM & marketing automation

Sub-processor list to be confirmed by Dave at infrastructure cutover. Review

How long we keep it

Booking history is retained for 7 years for tax and accounting purposes. Account info is retained while your account is active and for 90 days after closure, then deleted unless we're required to keep it longer by law. Magic-link tokens expire and are deleted within 24 hours.

Cookies & pixels Review

This site uses essential cookies for authentication and a tracking pixel from GoHighLevel for marketing. You can disable cookies in your browser, but you won't be able to sign in to the member portal.

Your rights

You can:

• Request a copy of the data we hold about you.
• Correct anything that's wrong.
• Delete your account (and the data attached to it, subject to retention rules above).
• Opt out of marketing email at any time via the unsubscribe link.

Email privacy@nystudiofactory.com for any of the above.

California & EU residents Review

If you're a resident of California (CCPA) or the EU/UK (GDPR), additional rights apply. Specific notice language to be added by counsel.

Changes

If we materially change how we handle your data, we'll email active members and post the change date at the top of this page.

Contact

Privacy questions: privacy@nystudiofactory.com.