Privacy Policy
1. Introduction & Scope
Who We Are
Sisu Longevity Studio ("Sisu," "we," "us," or "our") is a veteran-owned wellness facility located at 10855 Hidden Pool Heights, Suite 140, Colorado Springs, Colorado 80908. We provide evidence-based longevity and recovery services designed to help our community live better, longer.
Our services include contrast therapy (Finnish sauna + cold plunge), float room therapy, compression therapy, halotherapy, vibroacoustic therapy, hyperbaric oxygen therapy (HBOT), AlterG anti-gravity treadmill, red light therapy, PEMF therapy, and Longevity Training Lab programs (performance testing, coached clinics, and open training).
What This Policy Covers
This Privacy Policy explains how we collect, use, share, and protect your personal information when you:
- Visit our studio or website
- Use our services or purchase products
- Become a member or purchase session packages
- Communicate with us
- Participate in our events or community programs
This policy applies to all personal information we collect, regardless of how you interact with us—whether in person at our facility, through our website, mobile applications, or other channels.
Important Distinction
Sisu Longevity Studio provides wellness and recovery services. We are not a medical facility, and our services are not intended to diagnose, treat, cure, or prevent any disease or medical condition. While we collect certain health-related information to ensure your safety and personalize your experience, we are not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA). However, we treat your health information with the same respect and care as if those regulations applied.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
Sisu Longevity Studio
10855 Hidden Pool Heights, Suite 140
Colorado Springs, CO 80908
Email: privacy@sisulongevitystudio.com
Phone: (719) 960-0345
Privacy Inquiries Response Time: We aim to respond to all privacy-related inquiries within 10 business days.
Accessibility: Available in alternative formats upon request.
2. Information We Collect
We collect only the personal information reasonably necessary for the purposes outlined in this policy.
Information You Provide Directly
Account & Membership Information
- Name, email address, phone number, and mailing address
- Date of birth and age verification
- Emergency contact information
- Membership tier, billing preferences, and payment information
- Referral source and guest pass recipient information
Health & Wellness Information
- Health history questionnaire responses
- Contraindication screening information (including conditions such as pregnancy, cardiovascular conditions, implanted medical devices, claustrophobia, and other relevant health factors)
- Session preferences and goals
- Progress notes and session feedback
- Medical clearance documentation (when required for specific services such as HBOT)
- Physical limitations and accessibility needs
Fitness Training Information
- Standard fitness intake assessment data (for Longevity Training Lab programs)
- Current fitness level and exercise history
- Movement limitations and injury history
- Training goals and preferences
Wearable Device & Third-Party Platform Data
With your explicit consent, we may access wellness data from third-party platforms and wearable devices you use, such as heart rate variability (HRV), resting heart rate, sleep data, recovery scores, and training load. This data is accessed through authorized API connections that you initiate and can revoke at any time. We do not store credentials for third-party platforms — only authorized access tokens that you can revoke through the originating platform. We use this data solely to personalize your recovery and wellness protocols.
Photos & Visual Documentation
- Before/after progress photos (only with your written consent)
- Photos taken during events or community programs (with notice and opt-out available)
- Photos are never shared publicly without your explicit written release
AI-Powered Wellness Assessment
Our wellness assessment tools may use artificial intelligence to generate personalized protocol recommendations based on your responses. This processing occurs through our integrated platforms and does not result in decisions that produce legal or similarly significant effects. You have the right to opt out of AI-assisted profiling. Assessment responses are collected through Typeform and routed through Zapier to generate your recommendations. We do not retain your individual quiz answers long-term; however, if you choose to submit your contact details, we create and retain a lead record (including the information you provide) so that our team can follow up with you. If we introduce additional AI processing capabilities in the future, we will update this policy and obtain your consent before any such processing.
Military & Veteran Status
- Veteran status verification (for discount eligibility and VSO partnership programs)
Communications & Feedback
- Correspondence with our team
- Survey responses and testimonials
- Reviews and feedback you provide
- Marketing preferences and opt-in consents
Information Collected Automatically
Facility Systems
- Check-in and check-out records
- Service usage and booking history
- Security camera footage in common areas (not in treatment rooms, locker rooms, or restrooms)
Website & Digital Platforms
- Device information (browser type, operating system, device identifiers)
- IP address and general location information
- Pages visited, links clicked, and time spent on our website
- Booking platform usage data
- Mobile app interactions (if applicable)
Cookies and Similar Technologies
- Session cookies for website functionality
- Analytics cookies to understand how visitors use our site
- Marketing cookies (with your consent)
Information from Third Parties
- Payment processors (transaction confirmations)
- Marketing partners (with appropriate consent)
- Veteran Service Organizations (verification of eligibility for partnership programs)
- Referral sources when you are referred by another client or partner
Sensitive Personal Data
Under the Colorado Privacy Act, certain categories of information require heightened protection. We may collect the following sensitive personal data:
Health Information: Conditions, limitations, and wellness goals that help us provide safe, personalized services. We collect only the health information necessary to ensure your safety and tailor your experience.
Biometric Data: Currently, our services do not capture biometric identifiers (such as fingerprints, voiceprints, or facial geometry). Some of our modalities may track performance metrics (such as treadmill speed or session duration), but these are not classified as biometric identifiers under Colorado law. If we introduce services that capture biometric identifiers in the future (e.g., for enhanced wellness tracking), we will update this policy and obtain your explicit consent before any such collection and processing, in line with CPA requirements.
We only collect sensitive personal data with your explicit consent and for purposes directly related to providing our services safely and effectively.
3. How We Use Your Information
Service Delivery & Safety
- Conduct contraindication screenings to ensure services are appropriate for you
- Personalize therapy protocols based on your wellness goals and health profile
- Integrate wearable device data to personalize recovery protocol recommendations (with your consent)
- Generate real-time wellness recommendations through our assessment tools
- Schedule and manage your appointments
- Communicate service reminders, updates, and important safety information
- Respond to incidents and maintain facility safety
Membership & Business Operations
- Process payments and manage billing for memberships, packages, and purchases
- Track session credits and package balances
- Manage guest passes and referral programs
- Fulfill retail purchases and process returns
- Maintain accurate business records
Communication & Marketing
- Send transactional communications (booking confirmations, receipts, policy updates)
- Send appointment reminders and service notifications via SMS/text message (with your consent, in compliance with the Telephone Consumer Protection Act; reply STOP to any message to opt out)
- Deliver marketing communications about services, promotions, and events (with your consent)
- Invite you to community events, workshops, and programs
- Request feedback and reviews
- Respond to your inquiries
Improvement & Analytics
- Understand how our services and facility are used
- Improve our offerings and client experience
- Develop new services and programs
- Conduct internal research and analysis (using aggregated or de-identified data)
Legal & Compliance
- Comply with applicable laws, regulations, and legal processes
- Protect our rights and the rights of others
- Prevent fraud and enforce our policies
- Respond to lawful requests from public authorities
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
Service Providers
We work with trusted vendors who help us operate our business, including:
- Payment Processing: Global Payments, our integrated payment processor, to process transactions securely
- Software Platforms: MindBody (CRM, scheduling, point-of-sale, and account management) to manage your account and services, and Paychex (payroll and HR administration)
- Automation & Data Routing: Zapier, to route information between our intake tools, internal records, and CRM
- Marketing Tools: Email and messaging platforms to send communications you've requested
- Assessment Platforms: Typeform for wellness intake questionnaires and AI-powered assessment processing
- Wearable Data Platforms: With your consent, authorized API connections to wearable device platforms (e.g., Whoop, Garmin) to access wellness data you choose to share
- IT & Security: Providers who help maintain our systems and protect your data
All service providers are contractually required to protect your information, limit use to specified purposes, and implement appropriate security measures.
Professional Advisors
We may share information with our attorneys, accountants, and other professional advisors as necessary for business operations and legal compliance.
Legal Requirements & Safety
We may disclose your information when we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation, court order, or government request
- Protect your safety or the safety of others
- Investigate potential violations of our policies
- Protect our legal rights
Business Transfers
If Sisu Longevity Studio is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
With Your Consent
We may share your information for other purposes when you have given us your explicit consent, such as:
- Publishing testimonials or success stories
- Sharing progress photos (with written release)
- Participating in research studies
- Referrals to partner practitioners or organizations
Group Sessions & Communal Spaces
When you participate in group services (such as group sauna sessions, mobility classes, or community events), other participants may observe your presence and participation. We do not share your personal health information with other clients, but your attendance in communal settings is visible to others present.
5. Your Privacy Rights Under Colorado Law
As a Colorado resident, you have specific rights regarding your personal information under the Colorado Privacy Act (CPA). We honor these rights for all our clients, regardless of residency.
Your Rights
Right to Know & Access — You can request confirmation of whether we process your personal data and obtain a copy of the personal information we hold about you.
Right to Correct — You can request that we correct inaccurate personal information we maintain about you.
Right to Delete — You can request that we delete the personal information we have collected about you, subject to certain legal exceptions (such as information we must retain for legal, tax, or safety purposes).
Right to Data Portability — You can request a copy of your personal information in a portable, readily usable format that allows you to transmit it to another entity.
Right to Opt-Out — You can opt out of:
- The sale of your personal data (we do not sell your data)
- Targeted advertising based on your personal information
- Profiling in furtherance of decisions that produce legal or similarly significant effects
- SMS/text communications (reply STOP to any message)
Universal Opt-Out Mechanisms: We recognize and honor universal opt-out mechanisms, including Global Privacy Control (GPC) signals sent through your browser or device, to facilitate opting out of targeted advertising, data sales, or profiling. When we detect such signals, we will process them as valid opt-out requests without requiring additional action from you.
How to Exercise Your Rights
To exercise any of these rights, you may:
- Email: privacy@sisulongevitystudio.com
- Phone: (719) 960-0345
- In Person: Visit our studio and speak with a team member
- Online: Submit a request through our contact form at sisulongevitystudio.com/contact
- Browser Signal: Enable Global Privacy Control in your browser settings
Verification Process
To protect your privacy, we will verify your identity before fulfilling your request. This may include:
- Confirming information you previously provided to us
- Requesting government-issued identification for sensitive requests
- Using a third-party verification service
You may also designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization from you and verify their own identity.
Response Timeline
We will respond to your request within 45 days. If we need additional time (up to 45 more days), we will notify you of the extension and the reason.
Appeal Process
If we decline your request, you have the right to appeal. To appeal, contact us at privacy@sisulongevitystudio.com with "Privacy Appeal" in the subject line. We will respond to your appeal within 45 days.
If you are not satisfied with our response to your appeal, you may contact the Colorado Attorney General at:
Colorado Attorney General
Ralph L. Carr Colorado Judicial Center
1300 Broadway, 10th Floor
Denver, CO 80203
Non-Discrimination
We will not discriminate against you for exercising your privacy rights. However, if you request deletion of information necessary to provide our services, we may no longer be able to offer certain services to you.
6. Data Security
We take the security of your personal information seriously and implement appropriate technical, administrative, and physical safeguards.
Technical Safeguards
- Encryption of sensitive data in transit and at rest
- Secure payment processing through PCI-compliant providers
- Regular software updates and security patches
- Access controls limiting data access to authorized personnel
- Firewall and intrusion detection systems
Administrative Controls
- Staff training on privacy and data protection, including regular training on Colorado Privacy Act requirements and updates
- Written policies governing data handling
- Vendor due diligence and contractual protections
- Regular review of data access permissions
- Incident response procedures
- Periodic oversight audits to ensure ongoing compliance with privacy practices
Physical Security
- Controlled facility access
- Secure document storage and disposal
- Security cameras in common areas (not in treatment rooms, locker rooms, or restrooms)
- Workstation security protocols
Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by Colorado law. If a breach affects 500 or more Colorado residents, we will notify the Colorado Attorney General within the timelines mandated by law. Notification will include:
- A description of what occurred
- The types of information involved
- Steps we are taking to address the situation
- Recommendations for protecting yourself
- Contact information for questions
Vendor Breach Notification Chain: In the event that a service provider or vendor experiences a data breach affecting your information, our vendor contracts require prompt notification to us. Upon receiving such notification, we will assess the impact and notify affected individuals in accordance with Colorado law, as described above.
7. Data Retention
We retain your personal information only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
| Category | Retention Period |
|---|---|
| Active member records | Duration of membership plus 7 years |
| Health and safety records | 7 years from last service |
| Payment and transaction records | 7 years (tax and accounting requirements) |
| Marketing preferences | Until you opt out or request deletion |
| Website analytics | 26 months |
| Security camera footage | 30 days (unless needed for incident investigation) |
| Session notes and protocol records | 7 years from last service |
| Incident reports | 7 years from incident date |
| Inactive accounts (non-members) | 3 years from last activity |
Deletion & Anonymization
When retention periods expire, we will securely delete or anonymize your personal information. Anonymized data (which cannot be used to identify you) may be retained indefinitely for research and analytics purposes.
8. Cookies & Tracking Technologies
What We Use
Essential Cookies — Required for our website to function properly. These cannot be disabled.
Analytics Cookies — Help us understand how visitors interact with our website. We use Google Analytics to collect aggregated usage data.
Marketing Cookies — Used to deliver relevant advertisements and track campaign effectiveness. These are only placed with your consent.
Managing Your Preferences
Browser Settings — Most browsers allow you to refuse or delete cookies through their settings. Note that disabling cookies may affect website functionality.
Do Not Track & Global Privacy Control — Our website responds to Do Not Track and Global Privacy Control (GPC) signals. When detected, we limit data collection to essential functions only and process the signal as an opt-out of targeted advertising.
Cross-Device Tracking — We do not engage in cross-device tracking or browser fingerprinting.
Opt-Out Tools
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: https://optout.networkadvertising.org
9. Children's Privacy
Age Requirements
Our services are designed for adults. We do not knowingly collect personal information from children under 13.
For clients ages 13-17, we require:
- Written parental or guardian consent before collecting any personal information
- Parental or guardian presence during intake and first session
- Parental or guardian authorization for ongoing services
Some services have higher age requirements due to safety considerations. These are communicated during booking.
Parental Rights
Parents or guardians of minor clients may:
- Review the personal information we have collected about their child
- Request correction or deletion of their child's information
- Revoke consent for future collection
If you believe we have inadvertently collected information from a child under 13 without proper consent, please contact us immediately at privacy@sisulongevitystudio.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You
Minor Changes — We will post the updated policy on our website with a new "Last Updated" date.
Material Changes — For significant changes that affect how we use your personal information, we will:
- Notify you by email (if we have your email address)
- Post a prominent notice on our website
- Provide notice at our facility
- Obtain new consent if required by law
Your Continued Use
Your continued use of our services after we post changes constitutes your acceptance of the updated policy. If you do not agree with changes, you may close your account and request deletion of your information.
11. Data Protection Assessments
We conduct data protection assessments as required by the Colorado Privacy Act for processing activities that present a heightened risk of harm, including our processing of health and wellness information. These assessments are documented, reviewed periodically, and available to the Colorado Attorney General upon request.
12. Additional Information
International Visitors
Our services are intended for individuals located in the United States. If you access our services from outside the United States, your information will be processed in the United States, where data protection laws may differ from your jurisdiction.
Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Contact Information
For privacy inquiries, data subject requests, or complaints, contact us using the information in Section 1. To exercise your privacy rights, see Section 5.
Protecting your privacy is part of how we honor your trust.