Privacy Policy

Sanvion Inc. — Effective April 13, 2026 — Version 1.0

Quick summary: We collect information you provide to personalise your wellness experience. We never sell your personal data. You can request deletion at any time — privacy@sanvion.ca.

1. Information We Collect

  • Account info: name, email, phone, date of birth, city.
  • Onboarding data: fitness goals, experience level, modalities, health conditions (optional).
  • Identity verification documents (government ID — deleted after 1 year).
  • Payment info: processed by Stripe; Sanvion does not store full card numbers.
  • Usage data: pages visited, features used, session duration.
  • City-level location for gym pass locator (no precise GPS without consent).

2. How We Use Your Data

  • To create and manage your account and verify your identity.
  • To power AI-based tier matching from your onboarding responses.
  • To facilitate bookings, scheduling, and coach-member communications.
  • To process payments and send billing notifications.
  • To personalise content recommendations based on your subscription tier.
  • To send transactional emails (OTPs, confirmations, receipts) via Resend.
  • To comply with legal obligations.

3. AI-Based Processing

SANVION uses an automated algorithm to analyse your onboarding answers and recommend a subscription tier. This is informational only. You may request human review of any automated decision by contacting privacy@sanvion.ca.

4. Who We Share Data With

  • Upstash Inc. — database storage.
  • Vercel Inc. — application hosting.
  • Stripe Inc. — payment processing.
  • Resend Inc. — transactional email.
  • Jumio / Onfido — identity verification.
  • Google LLC — authentication and maps.
  • We do NOT sell your personal data.

5. Data Retention

  • Account data: retained while active; deleted within 90 days of closure.
  • Booking records: 3 years.
  • Payment records: 7 years (financial compliance).
  • Identity documents: 1 year post-verification, then deleted.

6. Your Rights

  • Access, correction, and deletion of your personal data.
  • Data portability in machine-readable format.
  • Opt-out of marketing at any time.
  • Withdraw consent without affecting prior processing.

To exercise rights: privacy@sanvion.ca

7. Security

We use TLS encryption in transit and at rest, access controls, and regular security assessments. Session tokens are stored in Upstash Redis with expiry. We will notify you promptly in the event of a breach.

8. Cookies

  • Strictly necessary: authentication and sessions — cannot be disabled.
  • Analytics: usage tracking — opt out via cookie banner.
  • Preference: settings — can be disabled.

9. California (CCPA) Rights

California residents may request to know, delete, correct, and opt out of sale of personal information. Sanvion does not sell personal data. Email: privacy@sanvion.ca with subject "CCPA Request."

10. EEA / UK (GDPR) Rights

EEA and UK users have additional rights including data portability and the right to lodge a complaint with a supervisory authority. Data transfers to the US are safeguarded via Standard Contractual Clauses. DPO contact: dpo@sanvion.ca.

11. Contact

Privacy inquiries: privacy@sanvion.ca | DPO: dpo@sanvion.ca | Sanvion Inc.

← Terms & ConditionsBack to Home