REBEL RING

Privacy Policy

Last updated: May 23, 2026

Rebel Ring is gym management software operated by Rebel Fight Co, a sole proprietorship based in London, Ontario, Canada. This policy explains what personal information we collect, why we collect it, how we protect it, and the choices you have. We do not sell your personal information, and we do not use third-party advertising or analytics SDKs that track you across other apps or websites.

1. Who we are

Rebel Ring ("Rebel Ring," "we," "us," or "our") is a multi-tenant software platform that gyms use to manage memberships, class scheduling, attendance, belt and rank tracking, billing, and member communication. Your gym (the "Gym") is the organization that invited you to use Rebel Ring and is the primary party responsible for your membership relationship. Rebel Ring acts as the technology provider that processes information on the Gym's behalf, and on our own behalf for the limited purposes described below.

2. Information we collect

We collect only what is needed to operate the service. We do not run behavioural analytics, advertising trackers, or cross-app tracking technology in the app.

Information you or your gym provide

Account & identity	Name, email address, password (stored only as a secure hash by our authentication provider), your gym affiliation, and your role (member, staff, instructor, or owner).
Profile	Optional profile photo, short bio, disciplines you train, and your belt or rank progression.
Membership & billing status	Your membership status and the identifiers assigned by our payment processor, Stripe. Your membership payments are processed by Stripe on behalf of your gym, which is the merchant for your membership. We do not store your full card number, CVV, or bank details — those are handled directly by Stripe.
Liability waiver	The fact and timestamp of your acceptance of your gym's waiver.

Information generated as you use Rebel Ring

Activity	Class bookings, attendance check-ins, attendance streaks, kudos, challenges, leaderboards, and training invitations.
Messages	Messages you send in discipline chats, team chats, and announcements within your gym.
Device & notifications	A push-notification token so we can deliver class reminders and announcements to your device.
Diagnostics	Crash and error reports (via Sentry) that help us fix problems. These contain technical context about an error and may incidentally include limited identifiers. We do not enable session recording or replay.

3. Why we collect it

We collect and use personal information to:

• create and secure your account and verify your role and gym;
• provide core features — scheduling, check-in, rank tracking, messaging, and engagement features;
• enable membership payments through Stripe and reflect your membership status in the app;
• send you transactional and service messages, such as class reminders, billing notices, and announcements from your gym;
• diagnose problems, prevent abuse, and keep the service reliable and secure; and
• meet our legal and regulatory obligations.

Where Canadian privacy law requires consent, we rely on the consent you provide when you create your account and accept this policy, and on the legitimate operation of the service you have asked to use.

4. Children and family accounts

Some gyms run youth programs. Rebel Ring supports this through family accounts, in which a parent or legal guardian creates and controls a child's profile. Children do not register themselves, do not enter payment information, and do not independently create accounts. The parent or guardian:

• creates the child's profile and provides any information about the child;
• consents on the child's behalf to the collection and use of that information for the purpose of participating in the gym's programs; and
• can review, correct, or request deletion of the child's information at any time through their own account or by contacting us.

We collect only the information a gym needs to manage a child's participation — typically the child's name, the programs they attend, attendance, and rank. We do not knowingly allow children to self-register, and we do not direct advertising to children.

5. Who we share information with

We share personal information only as needed to run the service:

• Your gym. Staff, instructors, and the owner of your gym can see the information necessary to run their programs — for example your name, attendance, rank, and membership status.
• Service providers (sub-processors). We use a small set of trusted providers who process data on our behalf under contractual confidentiality and data-protection terms: Google Firebase (database, authentication, hosting, push delivery), Stripe (payment processing), Sentry (crash and error diagnostics), Resend (transactional email), Cloudflare (web infrastructure), and Expo (push-notification delivery).
• Legal requirements. We may disclose information if required by law, regulation, legal process, or to protect the rights, safety, and security of users, the public, or Rebel Ring.

We do not sell personal information, and we do not share personal information with advertisers.

6. Advertising

Rebel Ring may show limited in-app promotions for our own applications and for contextually relevant martial-arts products or services. These promotions are not personalized using cross-app tracking, and we do not share your personal information with any advertiser or ad network. No third-party advertising SDK is embedded in the app.

7. Where your data is stored

Personal information in our primary database is stored in Canada (Google Cloud's Toronto region). Some service providers, such as Stripe and our email and infrastructure providers, may process limited data in other countries in order to deliver their service. Where that occurs, the provider is bound by contractual data-protection obligations.

8. How long we keep it

We keep personal information for as long as your account is active and as needed to provide the service to your gym. When your account or your gym's relationship with Rebel Ring ends, we retain information only as long as necessary for legitimate business and legal purposes (such as financial record-keeping), after which it is deleted or anonymized. You or your gym may request earlier deletion as described below.

9. Your privacy rights

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, you have the right to:

• Access the personal information we hold about you;
• Correct information that is inaccurate or incomplete;
• Withdraw consent or request deletion of your information, subject to legal and contractual limits; and
• Ask questions about how your information is handled.

To exercise these rights, contact us using the details below. You may also contact your gym, who can action many requests directly. Where a request requires a structured export or deletion of your records, we will action it on request within the timeframes required by law.

10. How we protect your information

We use industry-standard safeguards including encrypted connections (HTTPS/TLS), authenticated access controls, role-based permissions, and server-side validation of sensitive operations. Payment card data is handled entirely by Stripe, a PCI-DSS Level 1 certified provider; Rebel Ring never receives or stores full card numbers. No method of transmission or storage is perfectly secure, but we work continuously to protect your information.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "last updated" date above and, where appropriate, notify you in the app. Continued use of Rebel Ring after a change means you accept the updated policy.