Privacy Policy

Who we are

OneLead ("we", "us") builds tools that help fitness studios run their business on Mindbody. This policy explains what information we collect when you use onelead.io and its subdomains, and what we do with it. Questions: [email protected].

What we collect

• Account information. When you sign up: your email address, your studio's name, and the subdomain you choose. We verify your email before your account is created.
• Your studio's Mindbody data. When you connect your Mindbody site, we access the data needed to provide the features you use — for the Scheduler, that's your class types, schedules, locations, and staff list. We access it through Mindbody's API with your authorization, use it only to provide the service, and you can disconnect at any time.
• Updates-list email addresses. If you join the "notify me" list on our site, we store your email so we can send you occasional product updates. Every email includes an unsubscribe link, and unsubscribing is immediate.
• Operational data. Standard server logs (IP address, request details) and the records the service creates as you use it, kept for security, debugging, and support.

Cookies and similar tech

• Essential cookies keep you signed in and secure your session. They're required for the app to work.
• Cloudflare Turnstile protects our public forms from bots.
• We do not use third-party advertising cookies or cross-site trackers. If we add website analytics, we'll use a cookieless option.

How we use information

To provide and improve the service, send transactional email (verification, receipts, service notices), send marketing email you've opted into, respond to support requests, and keep the platform secure. We do not sell your personal information, and we don't share it with third parties for their own marketing.

Service providers

We rely on a small set of providers to run OneLead, and they process data only on our instructions: Cloudflare (network security, content delivery, bot protection), DigitalOcean (hosting), Twilio SendGrid (email delivery), and Mindbody (per the connection you authorize). When paid billing begins, payments will be handled by a dedicated payment processor — we never store your card details ourselves.

Retention and deletion

We keep your data while your account is active. If you close your account (or ask us at [email protected]), we delete your studio's data from our active systems within 30 days; copies in encrypted backups age out on our normal backup cycle. We may retain minimal records where the law requires it (e.g., billing records).

Security

Data is encrypted in transit, access is restricted, and tenant data is isolated per studio. No system is perfectly secure, but protecting studio data is a design constraint of the platform, not an afterthought.

Your choices

You can access and update your account information in the app, unsubscribe from marketing email with one click, disconnect Mindbody at any time, and request a copy or deletion of your data by emailing [email protected].

Scope

OneLead is a business tool for studio owners and their staff, offered to businesses in the United States. It is not directed to children, and we don't knowingly collect information from anyone under 18.

Changes and contact

If this policy changes materially, we'll email account holders before the change takes effect. Contact: [email protected] · OneLead, 1032 E Brandon Blvd, PMB 7620, Brandon, FL 33511.