Privacy Policy

CoreSouth Studio Analytics · Effective June 12, 2026

This Privacy Policy explains how CoreSouth Lagree ("CoreSouth," "we," "us") collects, uses, stores, and protects information in connection with CoreSouth Studio Analytics (the "Application"), an internal business-intelligence tool used by authorized CoreSouth staff to analyze studio operations across our Huntsville, Madison, and Guntersville (Alabama) locations.

Internal application. The Application is a private, staff-only tool. It is not offered to the public and is not used to sell goods or services to consumers. Access is restricted to CoreSouth personnel who sign in with a verified @coresouthlagree.com account.

1. Information we collect

The Application connects to the following business systems and mirrors data needed for analytics:

Source	Data accessed	Purpose
MarianaTek	Members, memberships, classes, bookings, locations (including member names, emails, phone numbers, attendance)	Membership, retention, attendance, and utilization analytics
Stripe	Customers, charges, invoices, subscriptions, products, balance transactions	Billed-revenue, refunds, failed-payment, and merchandise/credit analytics
Intuit QuickBooks Online	Accounting records such as profit & loss, expenses, and related financial reports	Margin, cost, and corporate-planning analytics

We also process the email address of each authorized staff user for authentication and access control.

2. How we use information

To produce internal dashboards, metrics, forecasts, and recommendations for CoreSouth management.
To authenticate staff users and enforce role/domain-based access controls.
To operate, secure, debug, and improve the Application.

We do not sell personal or financial data, and we do not use it for advertising.

3. Intuit / QuickBooks data

When you connect QuickBooks Online, we access only the accounting data necessary for the analytics described above, via Intuit's official API and OAuth authorization. QuickBooks data is:

Stored in our access-controlled database (Supabase/PostgreSQL) used solely for CoreSouth's internal analytics;
Never sold, rented, or shared for marketing, and never disclosed to third parties except the service providers listed in Section 5 that process data on our behalf;
Retained only as long as needed for analytics and deleted upon disconnection or request as described in Section 6.

You may revoke the Application's access at any time from within QuickBooks (Settings → Apps) or by contacting us; revoking access stops further data access and triggers deletion of mirrored QuickBooks data within 30 days.

4. Use of an AI assistant

The Application includes an optional natural-language query feature powered by Anthropic's Claude API. When a staff user submits a question, the question and the relevant aggregated analytics results may be sent to Anthropic to generate an answer. Anthropic processes this input to return a response and does not use CoreSouth data to train its models. Raw financial and personal records are not sent for model training.

5. Service providers (subprocessors)

We use the following providers to operate the Application; each processes data only to provide their service to us:

Supabase — database, authentication, and edge functions (data hosting).
Netlify — static hosting of the dashboard interface.
Anthropic — the optional AI query assistant (see Section 4).
MarianaTek, Stripe, and Intuit — source systems we read from with authorization.

6. Data retention and deletion

We retain mirrored data for as long as the Application is in use for analytics. Upon disconnection of a source, account termination, or a verified deletion request, we delete the associated mirrored data within 30 days, except where retention is required by law.

7. Security

We protect data with industry-standard measures including encryption in transit (TLS), encryption at rest, row-level security restricting access to verified CoreSouth staff, least-privilege service credentials, and secrets stored outside source code. No method of transmission or storage is 100% secure, but we work to protect information using reasonable safeguards.

8. Your rights

Members and individuals whose data appears in our source systems may request access to, or deletion of, their information by contacting us at the address below; we will coordinate with the relevant source system (e.g., MarianaTek, Stripe, QuickBooks) as appropriate.

9. Children

The Application is an internal business tool and is not directed to children under 13.

10. Changes to this policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Effective" date above.

11. Contact us

CoreSouth Lagree
Huntsville, Alabama, USA
Email: info@coresouthlagree.com