⚠️ Placeholder — not legal advice. This document has not been reviewed by counsel and must be replaced with a legally vetted policy before production launch.
Effective date: 29 May 2026
MyYoga.Guru is an all-in-one scheduling and business platform for solopreneurs and small teams. We are operated by Crafted XP Pty Ltd ("we", "us", "our"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.
By using MyYoga.Guru — whether as a tenant (a business owner who runs their practice on our platform) or as a visitor booking an appointment or interacting with a tenant's public pages — you agree to the practices described in this policy.
Account data. When you sign up as a tenant, we collect your name, email address, and a hashed password (managed through AWS Cognito). If you sign in with Google, we receive your Google account name, email, and a profile photo.
Business and booking data. Tenants provide information about their offerings, availability calendars, and customer-facing content. When visitors make bookings, we collect the visitor's name, email address, and the details of the appointment (date, time, service type). This data is stored in DynamoDB on behalf of the tenant and is logically isolated per tenant.
Payment information. Payments are processed entirely by Stripe. MyYoga.Guru does not store full card numbers or CVVs. We receive confirmation of payment outcomes (e.g. successful, failed) and Stripe customer/payment-method identifiers for record-keeping.
Social-platform tokens. When a tenant connects a social media account (e.g. Meta/Facebook, Instagram) through MyYoga.Guru's social publishing feature, we receive and store OAuth access tokens and page/profile identifiers. These tokens are encrypted at rest using AWS KMS and used solely to publish content on the tenant's behalf.
Technical data. We collect standard server and application logs including IP addresses, browser user-agent strings, request timestamps, and error traces. This data helps us diagnose issues and protect the service.
We use your data to provide the MyYoga.Guru service: creating and managing your account, rendering your public-facing landing page, processing bookings and payments, sending transactional notifications (booking confirmations, reminders, receipts), and hosting your email inbox.
Where you have enabled AI features, your content (e.g. calendar data, customer queries, knowledge-base text) may be passed to third-party AI providers to generate responses. See the Third Parties section for details.
We also use data for security and fraud prevention (detecting abuse, unauthorized access, and spam) and for aggregate, anonymized product analytics to understand how the platform is used and improve it.
We share data with the following service providers only to the extent necessary to operate MyYoga.Guru. Each is governed by their own privacy policy.
We do not sell personal data to third parties, and we do not share data with advertisers.
Tenant account data and associated business data are retained while the account is active. When an account is closed or deleted, data is marked for deletion and purged within 30 days, except where we are required to retain it for legal or tax purposes.
Social-platform access tokens are encrypted at rest and deleted automatically when the tenant disconnects the integration from their settings. Revocation via the social platform's own settings will also invalidate the token.
Application and server logs are retained for approximately 30 days for security and diagnostic purposes, after which they are automatically purged.
Depending on your jurisdiction, you may have the following rights in respect of your personal data:
To exercise any of these rights, email us at hi@myyoga.guru. We will respond within 30 days. If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
MyYoga.Guru is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us at hi@myyoga.guru and we will delete it promptly.
MyYoga.Guru's primary infrastructure is hosted in Australia (AWS Sydney region). If you are accessing MyYoga.Guru from outside Australia, your data may be transferred to and processed in Australia, which may have different data protection laws than your country.
When data is shared with third-party service providers (e.g. OpenAI, Stripe, Meta) those providers may process data in their own regions. We rely on each provider's standard contractual clauses or equivalent transfer mechanisms where applicable.
We take reasonable technical and organisational measures to protect your data. All data in transit is encrypted using TLS. Sensitive values (such as social-platform OAuth tokens) are encrypted at rest using AWS KMS. Access to production systems is restricted to authorised personnel.
No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly by emailing hi@myyoga.guru.
If you have any questions or concerns about this policy or how we handle your data, please contact us at: hi@myyoga.guru.
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify tenants by email or via a notice in the MyYoga.Guru dashboard. Continued use of MyYoga.Guru after a change takes effect constitutes acceptance of the updated policy.
This policy is effective as of 29 May 2026.