StudioCrew

Privacy Policy

Fitness Industry Sales LTD, trading as StudioCrew
Company registration number: 11101867
Registered office: 71-75 Shelton Street, London, Greater London, WC2H 9JQ
ICO registration number: ZB574641

Effective date: 3 May 2026
Last updated: 3 May 2026

Fitness Industry Sales LTD, trading as StudioCrew, respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when businesses and their customers use StudioCrew, including our WhatsApp Business integration and AI-assisted messaging services.

StudioCrew is designed to help businesses manage customer conversations, respond to enquiries, and automate or assist replies through WhatsApp and related business communication channels.

1. Who this policy applies to

This policy applies to:

  • Businesses that register for or use StudioCrew.
  • Team members or staff members of those businesses.
  • Customers, leads, prospects, or members who communicate with a business using WhatsApp or other connected communication channels powered by StudioCrew.
  • Visitors to any StudioCrew or Fitness Industry Sales LTD websites, landing pages, or support channels.

For the purposes of UK data protection law, Fitness Industry Sales LTD acts in one of two capacities depending on the data involved:

Data controller — where we collect and use information about our own business customers, app users, website visitors, and account contacts. We determine the purpose and means of processing this data.

Data processor — where we process WhatsApp message content and customer conversation data on behalf of a business using StudioCrew. In this case, the business (our customer) is the data controller and we act on their instructions.

Where a business uses StudioCrew to communicate with its own customers via WhatsApp or connected channels, that business is the data controller for its customer data. Businesses are responsible for having a lawful basis to contact those customers and for maintaining their own privacy disclosures.

2. Information we collect

Business account information

When a business registers for StudioCrew, we collect and process:

  • Business name and trading name.
  • Contact name and role.
  • Business email address and phone number.
  • Registered business details.
  • WhatsApp Business Account information and Meta Business Manager connection details.
  • Billing and subscription information.
  • Support requests and account configuration details.

WhatsApp and messaging data

When StudioCrew is connected to WhatsApp Business or other communication channels, we process on behalf of the business:

  • Customer name, where provided.
  • Customer phone number and WhatsApp user identifier.
  • Message content sent to or from the business.
  • Message timestamps and conversation history.
  • Message delivery, read, and status information where available.
  • Attachments, images, audio, or media sent within a conversation.
  • Opt-in, opt-out, or consent status where applicable.
  • Tags, notes, summaries, or internal status fields created by the business or generated by StudioCrew.

This data is stored in our database hosted on Amazon Web Services (AWS) infrastructure located within the European Economic Area.

AI-generated or AI-assisted data

StudioCrew uses artificial intelligence to help businesses draft replies to customers. This may include:

  • AI-generated reply suggestions for human review before sending.
  • Conversation summaries.
  • Intent detection and lead qualification information.
  • Internal notes or recommended next actions.

To generate AI-assisted content, message content is transmitted to our AI provider (Anthropic PBC, United States) for processing. See Section 8 (International data transfers) for the safeguards in place for this transfer.

We do not use data obtained from connected third-party services — including WhatsApp message content, or data from integrated platforms such as Xero, Stripe, or HubSpot — to train, fine-tune, adapt, or improve any AI model. AI processing is performed only to deliver the StudioCrew service in response to business instructions.

Technical and usage data

We collect technical data to operate, secure, and improve our services, including:

  • IP address, browser type, device type, and operating system.
  • Log data, API request logs, and error logs.
  • App usage information and security and authentication records.

3. How we use information

We use personal data for the following purposes:

  • To provide the StudioCrew app and related services.
  • To connect businesses to WhatsApp Business and Meta services.
  • To send, receive, manage, and store WhatsApp messages on behalf of businesses.
  • To generate AI-assisted reply drafts, summaries, and conversation recommendations.
  • To help businesses respond to customer enquiries in context, using stored conversation history to ensure appropriate and consistent replies.
  • To manage account setup, onboarding, support, and billing.
  • To improve service reliability, security, and performance.
  • To detect, prevent, and investigate misuse, fraud, spam, or unauthorised access.
  • To comply with legal, regulatory, tax, accounting, and platform obligations.
  • To maintain audit logs and operational records.
  • To respond to customer support requests.
  • To respect opt-out, unsubscribe, or deletion requests.

We do not sell personal data.

4. WhatsApp and Meta data use

StudioCrew uses Meta and WhatsApp Business tools to allow businesses to communicate with customers through WhatsApp.

When a business connects StudioCrew to WhatsApp Business, we process WhatsApp-related data only as needed to provide the requested messaging, AI-assisted drafting, conversation history, and account management services.

We do not use WhatsApp message data for advertising purposes unrelated to the delivery of the StudioCrew service. We do not sell WhatsApp message content or customer contact details to third parties.

Businesses using StudioCrew are responsible for ensuring that they have the necessary permissions, lawful basis, and customer consent to contact individuals via WhatsApp or any other communication channel, in accordance with WhatsApp's Business Policy and applicable communications law.

5. Use of AI services

StudioCrew uses Anthropic PBC (United States) as its AI provider to process message content and generate reply drafts, conversation summaries, and recommendations.

Where AI services are used, message content is shared with Anthropic only as necessary to generate the requested output and to provide the StudioCrew service. Anthropic processes this data as a subprocessor under a Data Processing Agreement.

AI-generated content is used in one of the following ways depending on the business's settings:

  • Suggested replies presented to a staff member for review before sending.
  • Conversation summaries or internal notes visible only to the business.
  • Routing, tagging, or qualification decisions.

Businesses are responsible for reviewing and configuring how AI assistance is used in their account, and for ensuring that AI-assisted replies are appropriate for their customers.

We do not use WhatsApp message content or data from connected third-party integrations to train, fine-tune, or improve any AI model.

6. Lawful bases for processing

Where Fitness Industry Sales LTD acts as a data controller, we rely on one or more of the following lawful bases under UK GDPR:

  • Contract (Article 6(1)(b)): to provide StudioCrew services to our business customers and to manage our relationship with them.
  • Legitimate interests (Article 6(1)(f)): to operate, secure, improve, and support our services, and to protect against misuse and fraud.
  • Consent (Article 6(1)(a)): where consent is required, for example for certain marketing communications to business contacts.
  • Legal obligation (Article 6(1)(c)): where we must retain or process data to comply with applicable law, including tax and accounting obligations.

Where we process WhatsApp message and customer conversation data on behalf of a business, we act as a data processor and process that data only in accordance with the business customer's documented instructions, as set out in our Data Processing Agreement with that business.

7. Sharing information

We share personal data only where necessary to provide, secure, support, or improve the service, or where required by law.

Named subprocessors

The following third-party providers process personal data on our behalf as subprocessors. Each is engaged under a Data Processing Agreement or equivalent contractual safeguard:

SubprocessorPurposeLocation
Meta Platforms, Inc.WhatsApp Business message delivery and platform infrastructureUnited States / Global
Amazon Web Services (AWS)Database and file storage (EU region only)European Economic Area
Salesforce, Inc. (Heroku)Application hosting and backend infrastructureUnited States
Anthropic PBCAI-assisted message drafting and conversation analysisUnited States

We will update this list when we engage new subprocessors and will provide notice to affected business customers in accordance with our Data Processing Agreement terms.

We may also share data with professional advisers (legal, accountancy, insurance) where required, and with law enforcement or regulatory authorities where we are legally obliged to do so.

8. International data transfers

Our database and primary message storage are hosted on AWS infrastructure within the European Economic Area. Message content does not leave the EEA for storage purposes.

However, certain subprocessors (Meta, Salesforce/Heroku, and Anthropic) are based in or process data in the United States, which is outside the United Kingdom.

For these transfers, we rely on the following safeguards recognised under UK data protection law:

  • UK International Data Transfer Agreements (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, incorporated into our agreements with each US-based subprocessor.
  • Where an adequacy decision applies, we rely on that decision.

We take appropriate steps to verify that these safeguards remain in place and to assess the laws of the recipient country where required by UK GDPR Article 46.

9. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy.

Conversation and message data

WhatsApp message content and conversation history are retained for 24 months from the date of each message, on a rolling basis. Messages older than 24 months are automatically deleted regardless of account status.

On account closure, all conversation data associated with that account is deleted within 30 days.

Businesses can request earlier deletion of specific contacts' data or entire conversation threads at any time through the StudioCrew admin panel (see Section 10).

Account and billing records

Business account information and billing records are retained for as long as the account is active and for a further period as required by applicable tax and accounting law (typically 6 years under UK law).

Logs and technical records

Security, audit, and error logs are retained for 12 months and then deleted or anonymised.

Opt-out and suppression records

Records of opt-out or unsubscribe requests are retained indefinitely to ensure suppressed contacts are not messaged again.

10. Data deletion and member erasure requests

Studio admin — member erasure

Businesses using StudioCrew can delete a specific member's conversation history and contact data directly from the StudioCrew admin panel. This permanently removes the member's message content, phone number, and associated data from our systems within 30 days of the deletion request being confirmed.

This function is designed to allow businesses to fulfil their obligations as data controllers when a customer exercises their right to erasure under UK GDPR Article 17.

Requests to StudioCrew directly

Users and businesses can also request deletion of personal data by contacting:

support@fitphone.ai

Please include enough information for us to identify the relevant account, business, phone number, or conversation thread.

Where we act as a data controller (for business account data), we will review and respond to deletion requests in accordance with applicable data protection law within one month.

Where we act as a data processor for a business customer (for customer message data), we will refer the request to the relevant business or action it in accordance with that business's instructions under our Data Processing Agreement.

You may also request disconnection or removal of your StudioCrew integration from Meta or WhatsApp Business services by contacting us at the address above.

11. Customer opt-out rights

Customers who no longer wish to receive WhatsApp or other messages from a business using StudioCrew can reply with words such as:

STOP, UNSUBSCRIBE, OPT OUT, or a similar clear request.

Where supported, StudioCrew or the connected business will record this preference and cease further non-essential messages to that contact.

Some messages may still be sent where necessary to complete a requested service, respond to a direct enquiry, or comply with a legal obligation.

12. Security

We use appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest.
  • Access controls and authentication systems.
  • Secure cloud infrastructure within the EEA for message data storage.
  • Monitoring, logging, and anomaly detection.
  • Data minimisation and least-privilege access for staff and contractors.
  • Supplier due diligence and Data Processing Agreements with subprocessors.

No system can be guaranteed to be completely secure. In the event of a personal data breach affecting individual rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, where required under UK GDPR Article 33. Where a breach poses a high risk to affected individuals, we will notify those individuals without undue delay in accordance with Article 34.

13. Your rights

Depending on your location and the nature of the data, you may have the following rights under UK data protection law:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data where we have no lawful basis to continue holding it.
  • Restriction: request that we restrict processing in certain circumstances.
  • Portability: request a copy of your data in a structured, machine-readable format where processing is based on consent or contract.
  • Objection: object to processing based on legitimate interests.
  • Automated decision-making: not to be subject to solely automated decisions that produce significant legal or similar effects.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact: support@fitphone.ai

We will respond within one month. Where requests are complex or numerous, we may extend this by a further two months and will notify you of the extension within the first month.

We do not charge a fee for responding to rights requests unless they are manifestly unfounded or excessive.

14. Right to complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO and encourage you to contact us first at support@fitphone.ai.

15. Business customer responsibilities

Businesses using StudioCrew are responsible for:

  • Having a lawful basis to contact customers via WhatsApp or other channels.
  • Collecting any required consent or opt-in permission from their customers.
  • Complying with WhatsApp Business Policy, Meta's platform terms, marketing regulations, and applicable privacy and communications law.
  • Providing their own customer-facing privacy information disclosing their use of StudioCrew and AI-assisted messaging.
  • Ensuring that AI-assisted replies are appropriate, accurate, and consistent with their obligations to their customers.
  • Responding to their customers' data rights requests where they are the data controller, using the member erasure and data management tools available in the StudioCrew admin panel.
  • Entering into a Data Processing Agreement with Fitness Industry Sales LTD before processing customer data through StudioCrew.

StudioCrew provides tools to support communication, AI-assisted drafting, and conversation management, but each business remains responsible for how it uses those tools and for its own compliance with applicable law.

16. Children's data

StudioCrew is a business-to-business service intended for use by businesses and their adult staff. We do not knowingly collect personal data from children under the age of 13 for our own purposes, and we do not direct our service at children.

Where a business uses StudioCrew to communicate via WhatsApp with individuals who may be under 18 — for example, in the context of junior or family fitness classes — that business is responsible for ensuring it has the appropriate lawful basis, parental or guardian consent where required, and suitable safeguards in place for any processing involving minors.

17. Marketing communications

We may contact business users about StudioCrew services, updates, features, or related products where we have a lawful basis to do so.

Business users can opt out of marketing communications at any time by using the unsubscribe link in any marketing message or by contacting: support@fitphone.ai

We will not use WhatsApp customer message content for marketing purposes unrelated to the StudioCrew service.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data practices.

When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify affected business customers by email or in-app notification with reasonable notice before the changes take effect.

We encourage business customers to review this policy periodically.

19. Contact us

For privacy questions, data subject rights requests, deletion requests, Data Processing Agreement enquiries, or any other privacy-related matter, please contact:

Fitness Industry Sales LTD
Trading as StudioCrew
71-75 Shelton Street
London, Greater London
WC2H 9JQ
United Kingdom

Company registration number: 11101867
ICO registration number: ZB574641

Email: support@fitphone.ai

We aim to respond to all privacy enquiries within five business days, and to all formal data subject rights requests within one month.

Back to home