MartialMembers.ai
Legal · Privacy

Privacy policy

How MartialMembers.ai collects and uses personal data, who we share it with, how long we keep it, and the rights you have under UK GDPR.

Last updated: 9 May 2026

1. Who we are

MartialMembers.ai ("we," "us") is a martial-arts CRM operated from the United Kingdom. We provide academy management software that martial-arts schools use to run memberships, classes and payments.

For the purposes of UK GDPR:

  • When you visit this website or join the waitlist: we are the data controller of any information you share.
  • When you use a school’s member app: the school is the data controller; we are a processor acting under a written agreement with that school.

Contact us about anything in this policy at info@martialmembers.com.

2. What we collect

The data depends on which surface you’re on:

  • Member app (iOS / Android / web): name, email, phone, postal address, date of birth, emergency contact, signed waiver, attendance and booking history, membership and payment records, push-notification device token. Optional: Face ID / Touch ID / fingerprint enrolment for biometric sign-in (the biometric template never leaves your device, only an opaque refresh token is stored locally for unlock).
  • School / academy CRM: account-holder name, email, phone, role, login activity, content you author (announcements, templates, replies).
  • Marketing website (martialmembers.ai): pages you visit, IP address, browser, referrer, the contact details you submit on the waitlist form. We use Plausible for cookieless analytics, and may use Meta Pixel and Google Ads conversion tags where consent has been given.
  • Payment data (card numbers, bank details) is collected directly by our payment partners, see "Sharing" below. We never see or store full card details on our servers.

3. Why we use it

  • To run your account / membership. Logging classes, taking payments, sending booking confirmations, managing waivers, the core service. Legal basis: contract.
  • Service-level communications. Booking confirmations, payment receipts, mandate notifications, password resets, security alerts. Legal basis: contract / legitimate interests.
  • Marketing communications. Newsletters, product updates, retention nudges. Sent only with explicit opt-in. Legal basis: consent, withdraw any time.
  • Push notifications. Class reminders, schedule changes, important account events. Permission is requested at the OS level; you can revoke it from your device settings. Legal basis: consent.
  • Security and fraud prevention. Rate-limiting, signature verification on incoming webhooks, refresh-token rotation, audit logs. Legal basis: legitimate interests.
  • Legal record-keeping. Tax records, signed liability waivers. Legal basis: legal obligation.

4. Who we share with

We use the following sub-processors, all bound by data-processing agreements that pass through our obligations to you:

  • Stripe Payments UK Ltd., card processing and recurring billing. Stripe sees card numbers; we don’t.
  • GoCardless Ltd.. UK Direct Debit collection.
  • Twilio Inc., outbound SMS and WhatsApp.
  • Resend Inc., outbound transactional and marketing email.
  • Apple Push Notification service and Google Firebase Cloud Messaging , delivering push notifications to your device.
  • Anthropic Inc., the Claude AI models that power our agents (member-portal AI replies, retention scoring, weekly digest). Prompts are processed but not used to train Anthropic’s models.
  • Meta Platforms Ireland Ltd., only when a school connects its Meta Lead Ads to import leads, or for optional marketing-site conversion tracking.
  • Hostinger International Ltd.. UK / EU data centre hosting our application servers and database.

We do not sell personal data, and we do not share it with anyone outside the list above without your instruction or a clear legal requirement.

5. Where data lives

Application servers and the primary database are hosted in the United Kingdom / European Union. Some sub-processors (e.g. Stripe, Twilio, Anthropic, Meta) may transfer data to the United States under the EU-US Data Privacy Framework or Standard Contractual Clauses, both UK-recognised transfer mechanisms.

6. How long we keep it

  • Active accounts: for as long as your account exists.
  • Deleted accounts: personal details (name, email, phone, address) are removed within 7 days of deletion.
  • Financial records (transactions, invoices, payments): retained for 7 years to meet HMRC record-keeping rules. Names are removed once the account is deleted; the records remain as anonymous ledger entries.
  • Signed waivers: retained for the relevant limitation period (currently 6 years from the end of the membership) as injury-liability evidence. Waiver content is retained verbatim; identifying details are removed if the account is deleted earlier.
  • Server logs and security audit trails: retained for up to 180 days.

7. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have it corrected if it’s wrong;
  • have it deleted ("right to be forgotten");
  • have processing restricted in certain cases;
  • port your data to another provider;
  • object to processing based on legitimate interests;
  • withdraw consent for marketing or analytics any time.

The fastest way to delete your account is in-app: Account → Delete account. You can also email us at info@martialmembers.com for any of the above. We respond within 30 days.

If you’re unhappy with how we’ve handled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk.

8. Cookies and similar tech

The marketing site at martialmembers.ai uses the minimum cookies needed to render the site, plus Plausible (which is cookieless), plus Meta Pixel and Google Ads conversion tags only after you give consent via the cookie banner.

The CRM and member app use first-party storage (localStorage and Capacitor Preferences) for session state, refresh tokens, last-viewed participant, theme preference. None of this is shared with anyone.

9. Children

Children under 13 do not create their own account in the member app. A parent or guardian holds the household account and adds under-13 children as participants on it; the parent provides any consent required for the child’s data to be processed by the school.

10. Changes to this policy

We’ll update this page if our practices change and post the new "Last updated" date at the top. Material changes that affect how we use personal data will trigger an in-app notice and, where required, a fresh consent prompt.

11. Contact

MartialMembers.ai · United Kingdom
Email: info@martialmembers.com

Need our terms of service? Coming soon.