Westchester Ninja Warriors

Legal

Privacy Policy

Last updated: May 27, 2026

Who we are

Westchester Ninja Warriors(“we”, “us”, “our”) operates the website at https://westchesterninjawarriors.com and the obstacle-course gym located at 11 Clearbrook Road, Elmsford, NY 10523. We offer ninja warrior training classes, open gym sessions, birthday parties, and camps for children and adults. This policy explains what personal information we collect, why we collect it, how we protect it, and what choices you have.

Information we collect

We collect only what is necessary to operate the gym, process bookings, and communicate with you:

  • Contact information— name, email address, phone number, and mailing address submitted through our contact, booking, and waiver forms.
  • Waiver and liability release data— guardian name, participant names, dates of birth, medical conditions disclosed, signature image, IP address, and timestamp. This data produces a signed PDF waiver stored securely for our records and emailed to you.
  • Booking and payment information— class or party selection, date/time, and transaction details. Payment card data is collected and processed entirely by Stripe; we never see, store, or have access to your full card number.
  • Account information— if you create an account via our authentication provider (Clerk), we store your name, email, and a provider identifier (Google, Apple, or email login).
  • Usage and analytics data— via PostHog, we collect pageviews, button clicks, device type, browser, and approximate geolocation. This data is used in aggregate to improve the website. We do not use it to build individual advertising profiles.
  • Photo and video— if you consent to the photo release in our waiver, photos or videos taken at the facility may be used on our website and social media. You may opt out of the photo release when signing the waiver.

How we use your information

  • To process class bookings, party reservations, and payments
  • To generate, store, and email signed liability waivers
  • To respond to inquiries submitted through our contact form
  • To send booking confirmations and party invitation emails
  • To manage your account and authenticate your identity
  • To improve site performance, fix bugs, and analyze usage patterns
  • To comply with legal obligations (e.g., retaining waivers)

We do not sell your personal data. We do not share it with third parties for advertising.

Service providers

We use a limited number of trusted vendors who process data on our behalf under their own privacy policies and data processing agreements:

  • Vercel — website hosting and edge delivery
  • Supabase — database and secure file storage (waivers, bookings)
  • Stripe — payment processing (PCI DSS Level 1 compliant)
  • Clerk — user authentication and account management
  • PostHog — product analytics
  • Nodemailer / SMTP — transactional emails (confirmations, waivers, invites)
  • Google Calendar — scheduling integration for class and party availability

Cookies and tracking

We use the following types of cookies:

  • Essential cookies— required for authentication sessions, booking flow state, and CSRF protection. These cannot be disabled.
  • Analytics cookies— PostHog uses a cookie to distinguish unique visitors and track aggregate usage. No advertising cookies are used.

You can disable non-essential cookies in your browser settings. Some site features (analytics-driven improvements) may not function without them, but booking and waiver functionality will continue to work.

Data retention

  • Waivers— retained for 7 years from the date of signature, consistent with New York liability requirements.
  • Booking records— retained for 3 years for accounting and dispute resolution.
  • Contact form submissions— retained for 1 year, then deleted.
  • Analytics data— automatically anonymized after 12 months.

Data security

We protect your data with HTTPS encryption in transit, encrypted storage at rest in Supabase, row-level security policies on our database, and Stripe’s PCI-compliant payment infrastructure. We do not store payment card data on our servers. Access to production data is limited to authorized personnel.

Children’s privacy (COPPA)

Our programs serve children of all ages, but we do not knowingly collect personal information directly from children under 13 through this website. All bookings, account creation, waiver signatures, and payments must be completed by a parent or legal guardian. Participant names and dates of birth collected on waivers are provided by the guardian, not the child.

If you believe a child under 13 has submitted personal information without verifiable parental consent, contact us immediately at westchesterninjawarriors@gmail.com and we will delete it within 48 hours.

Your rights

Depending on where you live (including under New York law), you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of analytics tracking
  • Receive a copy of your data in a portable format

To exercise any of these rights, email westchesterninjawarriors@gmail.com. We will respond within 30 days.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

Contact

Questions or concerns about this policy? Contact us at westchesterninjawarriors@gmail.com, call (914) 609-3096, or visit us at 11 Clearbrook Road, Elmsford, NY 10523.