Security Notice

Last Updated: May 2026

Tōn Pilates LLC (“Tōn Pilates,” “we,” “our,” or “us”) values the trust of our clients and takes reasonable measures to help protect personal information shared through our website and booking systems. This Security Notice describes the safeguards we maintain and your role in helping to protect your information.

1. Payment Security

All payments for classes, memberships, class packs, private sessions, and merchandise are processed exclusively through trusted third-party providers, including Stripe and Momence. Payment card information is collected, transmitted, and stored by these third-party providers in accordance with their respective security standards (including PCI-DSS compliance), and is not collected, processed, or stored by Tōn Pilates on its own website or internal servers. Tōn Pilates does not have direct access to your complete payment card number, security code, or full account credentials.

2. Website Security

We use commercially reasonable administrative, technical, and physical safeguards to help maintain the security and integrity of our website and systems, including monitoring activity and applying platform-level protections where available. No online system, however, can be guaranteed completely secure, and Tōn Pilates does not warrant the absolute security of any information transmitted to or from this website.

2.1 Encryption and Transmission.

Our website is served over Hypertext Transfer Protocol Secure (HTTPS) using industry-standard Transport Layer Security (TLS) encryption, which helps protect information transmitted between your browser and our website. Booking, payment, and account information submitted through our third-party booking and payment platforms (Momence and Stripe) is transmitted using encryption protocols maintained by those providers.

2.2 Data Retention.

We retain personal information for only as long as is reasonably necessary to fulfill the purposes for which it was collected, to comply with applicable legal, accounting, or reporting obligations, or to resolve disputes and enforce our agreements. Booking and membership records may be retained for the duration of a client’s active membership and for a reasonable period thereafter to address tax, recordkeeping, and legal requirements. When personal information is no longer needed, we take commercially reasonable steps to delete, destroy, or anonymize it.

3. Third-Party Platforms

Tōn Pilates relies on reputable third-party vendors for certain business functions, including: (a) payment processing (Stripe and Momence); (b) class scheduling and booking (Momence); (c) email and communications (Mailchimp); (d) website analytics (Google); and (e) advertising and marketing tools (Meta and Google). Each such provider maintains its own security practices, certifications, and policies. While we engage providers we believe to be reputable, Tōn Pilates cannot guarantee or control the security practices of any external platform, and each provider’s collection, use, and protection of information is governed by its own terms and privacy and security policies.

4. User Responsibility

Users are responsible for maintaining the confidentiality of their own devices, login credentials, passwords, and account access information, and for promptly logging out of shared or public devices. We encourage clients to (a) use a strong, unique password for any Tōn Pilates booking or membership account, (b) avoid sharing login credentials with third parties, and (c) promptly notify Tōn Pilates of any suspected unauthorized access to or use of their account.

5. Breach Notification

In the event Tōn Pilates becomes aware of a breach of security involving the unauthorized acquisition of or access to personal information, we will take prompt steps to investigate, contain, and remediate the incident, and will provide notice to affected individuals and to applicable governmental authorities as and to the extent required by applicable law, including, without limitation, the New York Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”).

6. Reporting Concerns

If you believe there has been unauthorized activity involving your information or account, or if you wish to report any other security concern, please contact us promptly at info@tonpilates.com. We will investigate and respond to verified reports as promptly as reasonably practicable.

7. Updates to This Notice

Tōn Pilates may update this Security Notice from time to time. The “Last Updated” date at the top of this notice reflects the date of the most recent revision. Continued use of the website following the posting of any update shall constitute acceptance of the revised Security Notice.

©2026 Copyright TonPilates LLC