The Body Refinery®

Legal

Privacy Policy

Last updated: May 29, 2026

The Body Refinery® ("we," "us," or "our") is committed to protecting your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This policy explains what information we collect, how we use it, and your rights as a client.

1. Information We Collect

When you create an account or make a booking, we collect:

  • Identity information: first name, last name
  • Contact information: email address, phone number (if provided)
  • Booking information: services booked, appointment dates and times, package purchases, session history
  • Payment information: payment is processed by Stripe — we do not store your card number, expiry, or CVV on our servers
  • Health information: any medical details or contraindications you disclose for treatment purposes
  • Communications: emails and messages you send to us

2. How We Use Your Information

We use your information to:

  • Create and manage your client account
  • Process bookings and payments
  • Send appointment confirmations, reminders, and receipts
  • Sync appointments to Google Calendar (if connected)
  • Maintain client notes and service history for your benefit
  • Communicate with you about your bookings or our services
  • Comply with legal and regulatory obligations

We do not use your information for automated profiling or sell your data to third parties for marketing purposes.

3. How We Share Your Information

We share your information only with trusted service providers necessary to operate our platform:

  • Supabase — our database provider (data stored in Canada/US)
  • Stripe — payment processing (PCI DSS compliant)
  • Resend — transactional email delivery
  • Google — calendar sync (only if you book and Google Calendar is enabled)
  • Vercel — platform hosting

Each provider is bound by their own privacy policies and data processing agreements. We do not share your information with any other third parties without your consent, except as required by law.

4. Data Retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and maintain business records. If you request deletion of your account, we will remove your personal information within 30 days, subject to any legal retention requirements.

5. Security

We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS), access controls, and secure database storage. Payment information is handled exclusively by Stripe and is never stored on our servers.

While we take reasonable precautions, no system is completely secure. We encourage you to use a strong, unique password for your account.

6. Cookies & Tracking

Our booking platform uses session cookies necessary for authentication and platform functionality. We do not use tracking cookies, advertising pixels, or analytics tools that share your data with third parties.

7. Your Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Withdraw consent to certain uses of your information
  • Request deletion of your account and personal data
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at info@thebodyrefinery.ca. We will respond within 30 days.

8. Children's Privacy

Our services and platform are intended for adults aged 18 and over. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of our platform after any changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights, please contact our Privacy Officer at info@thebodyrefinery.ca.

Terms of Service·Privacy Policy·Cancellation Policy