Privacy Policy

One Hot Yoga ("we", "us", "our") operates the website nippocrat.com and the physical studio services offered under the Nippocrat brand. We take your privacy seriously and are committed to protecting the personal information you share with us. This Privacy Policy explains, in plain language, what data we collect, why we collect it, how we store it and the choices available to you.

This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are located outside Australia, please be aware that information you provide may be transferred to and processed in Australia, where data-protection laws may differ from those in your jurisdiction.

1. Information We Collect

We collect personal information only when it is reasonably necessary for the services we provide. The categories of data we may gather include:

• Identity details — your full name, date of birth and gender, provided when you create an account, book a class or purchase a membership.
• Contact details — email address, phone number and postal address, used to confirm bookings, send receipts and respond to enquiries.
• Health information — any injuries, medical conditions or pregnancy status you voluntarily disclose so our instructors can adapt sessions to your needs. We treat health data with the highest level of care and never share it with third parties for marketing purposes.
• Payment information — credit or debit card details processed through our PCI-compliant payment gateway. We do not store full card numbers on our own servers.
• Technical data — IP address, browser type, operating system, referring URL and pages visited, collected automatically through server logs and cookies when you browse nippocrat.com.
• Communications — the content of emails, contact-form submissions and live-chat messages you send us.

2. How We Use Your Data

We process personal information for the following purposes:

• Administering class bookings, memberships and payments.
• Personalising your studio experience, including adjusting classes for disclosed health considerations.
• Sending transactional emails such as booking confirmations, receipts and schedule changes.
• Communicating promotional offers, studio news and wellness content — only where you have opted in to receive marketing.
• Improving our website, analysing usage patterns and diagnosing technical issues.
• Meeting legal and regulatory obligations, including record-keeping and responding to lawful requests from authorities.

3. Data Sharing

We do not sell your personal information. We may share data with trusted service providers who assist us in operating the website and delivering our services, including:

• Payment processors that handle transactions on our behalf.
• Email and SMS platforms used to deliver booking confirmations and, where you have consented, marketing communications.
• Cloud-hosting providers that store data in secure, Australian-based or internationally accredited data centres.
• Analytics services that help us understand website traffic in aggregate form.

Each provider is contractually required to protect your information and use it only for the purpose for which it was disclosed. We may also disclose information where required by law, court order or to protect the safety of our community.

4. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Essential cookies keep the site functional — for example, remembering your session while you navigate between pages. Analytics cookies help us measure visitor numbers and popular content so we can improve the site. You can manage your cookie preferences at any time using the settings button at the bottom of every page. For full details, please see our Cookie Policy.

5. Your Rights

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you and request a copy.
• Correct any data that is inaccurate, incomplete or out of date.
• Opt out of direct marketing at any time by clicking the unsubscribe link in any email or contacting us directly.
• Request deletion of your personal data, subject to any legal obligations that require us to retain certain records.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

To exercise any of these rights, email us at one@nippocrat.com. We will respond within 30 days.

6. Data Retention

We retain personal information only for as long as it is needed to fulfil the purpose for which it was collected, or as required by law. Booking and payment records are kept for seven years to comply with Australian taxation requirements. Marketing preferences are retained until you withdraw consent. When data is no longer required, it is securely deleted or de-identified.

7. Security

We employ industry-standard safeguards to protect your information, including encrypted connections (TLS/SSL) for all data transmitted between your browser and our servers, restricted access controls for staff, and regular security reviews. Despite these measures, no method of electronic transmission or storage is completely secure. If you become aware of any unauthorised access to your account, please notify us immediately at one@nippocrat.com.

8. Contact

If you have questions about this Privacy Policy or wish to make a complaint, please contact our privacy officer:

• Email: one@nippocrat.com
• Website: nippocrat.com

9. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will post the updated policy on this page and revise the "Last updated" date at the top. We encourage you to review this page periodically. Your continued use of nippocrat.com after any changes constitutes acceptance of the revised policy.