Privacy Policy

Effective Date: February 1, 2025 | Last Updated: February 1, 2025

1. Introduction

Bakersfield Gymnastics Academy ("BGA," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, including our financial management system that integrates with Plaid for bank account connections.

Please read this Privacy Policy carefully. By using our services, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, username, password (stored as encrypted hash), role and permissions
  • Financial Information (when using Plaid integration): Bank account connection data, transaction data from connected bank accounts, account balances and financial information
  • Student and Family Information: Student names, dates of birth, contact information, family information and relationships, enrollment and class information
  • Other Information: Information you provide in forms, surveys, or communications

2.2 Information Collected Automatically

When you use our services, we automatically collect certain information:

  • Usage Data: IP address, browser type and version, device information, pages visited and time spent, access times and dates
  • System Logs: Login attempts and authentication events, system access logs, error logs and system events

2.3 Information from Third Parties

Plaid Integration: When you connect your bank account through Plaid, Plaid collects and shares with us bank account information, transaction data, account balances, and institution information.

Note: Your bank login credentials are never shared with us. Plaid handles bank authentication securely, and we only receive transaction data and account information.

3. How We Use Your Information

We use the information we collect to:

  • Provide and Improve Services: Process and manage your account, provide financial management and reporting services, sync and import bank transactions, generate financial reports and analytics
  • Security and Compliance: Authenticate users and prevent fraud, monitor for security threats, comply with legal and regulatory requirements
  • Communication: Send you important notices about our services, respond to your questions and requests, provide customer support
  • Legal Compliance: Comply with applicable laws and regulations, respond to legal process and requests

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with Plaid to facilitate bank account connections and transaction syncing. Plaid's use of your information is governed by Plaid's Privacy Policy.
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • With Your Consent: We may share information with your explicit consent

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted, including user passwords (bcrypt hashed) and Plaid access tokens (AES-256-CBC encrypted). All Plaid API consumer data is encrypted at rest.
  • Access Controls: Role-based access control limits who can access your information. Authentication required for all system access.
  • Security Measures: Regular security updates and patches, vulnerability scanning and monitoring, secure database storage with restricted access

Note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Financial Data: Banking transactions retained for 7 years (IRS requirements), financial reports for 7 years
  • Account Information: User accounts retained while active, deleted upon request. Student records retained per educational record retention requirements (typically 7 years)
  • System Data: System logs and access logs retained for 1 year, audit trails for 7 years

For more details, see our Data Retention and Disposal Policy.

7. Your Rights and Choices

You have certain rights regarding your personal information:

  • Access: Request access to your personal information and a copy of your data
  • Correction: Update or correct your information through your account settings
  • Deletion: Request deletion of your account and personal information (note: some information may be retained for legal compliance, e.g., 7-year tax retention)
  • Opt-Out: Disconnect bank accounts through Plaid Link or deactivate your account
  • Data Portability: Request export of your data in a portable format

To exercise these rights, contact us at: matt@bakersfield.academy

8. Plaid Integration

When you connect your bank account through Plaid:

  • What Plaid Collects: Your bank login credentials (handled securely by Plaid, never shared with us), bank account information, transaction data
  • What We Receive: Transaction data (amounts, dates, descriptions), account information (account name, type, balances), connection status
  • Your Bank Credentials: Your bank login credentials are never stored on our servers. Plaid handles authentication securely using bank-level encryption. You can disconnect your bank account at any time.
  • Plaid's Privacy Policy: Plaid's collection and use of your information is governed by Plaid's Privacy Policy. We encourage you to review it.
  • Disconnecting: You can disconnect your bank account at any time through our application. Disconnection immediately revokes our access to your bank data. Historical transaction data already imported will be retained per our data retention policy.

9. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed (we do not sell personal information)
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising your privacy rights

To exercise your California privacy rights, contact us at: matt@bakersfield.academy

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification (if we have your email address).

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

12. International Users

Our services are operated in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our services, you consent to the transfer of your information to the United States.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bakersfield Gymnastics Academy
Attn: Privacy Policy
Email: matt@bakersfield.academy

For Data Deletion Requests:
Contact: matt@bakersfield.academy

For Security Concerns:
Contact: matt@bakersfield.academy

14. Consent

By using our services, you consent to:

  • The collection and use of your information as described in this Privacy Policy
  • The processing of your financial data for transaction management and reporting
  • The sharing of information with Plaid as necessary to provide bank connection services
  • The retention of your data per our data retention policy

You may withdraw your consent at any time by disconnecting your bank account, deactivating your account, or contacting us to request data deletion (subject to legal retention requirements).

This Privacy Policy is effective as of February 1, 2025.

Bakersfield Gymnastics Academy is committed to protecting your privacy and handling your data responsibly.