1. Introduction

At Electric Daisy Fitness, LLC, we are committed to protecting the privacy of our customers and our company, and to preventing unauthorized access to sensitive information within our scope of practice and ability.

No computer system, information, or method of transmission over the Internet is guaranteed 100% secure, or can ever be fully protected against every potential threat. To that end, we take careful consideration in selecting our payment platforms and online hosts to prioritize safety, to provide you with a better user experience, and to fulfill our services.

Within our own organization, we are committed to performing reasonable and appropriate measures to protect our services, website, and information against possible threats.

2. This Agreement

This Security Policy should be read in conjunction with our Privacy Policy.

In this policy, the terms “we,” “us,” “our,” and “our company” refer to Electric Daisy Fitness, LLC (“the Organization”).

The terms “user,” “you” and “your” refer to “Visitors” of Our Website and “Customer” of the Organization.

  • A “Visitor” is anyone who lands on and views electricdaisyfitness.com (“our Website”).
  • A “Customer,” “Client” or “Participant” is anyone who signs up for and opens an account on our payment platform, MINDBODY, Inc. (“MINDBODY”), with the intent of purchasing classes and participating in the Dance and/or Fitness classes and/or using the exercise equipment (the “Activities”) offered by the Organization.

When you access, view or use any part of our services, you are accepting the terms and conditions of this Agreement.

3. Best Practices

As a general rule:

ALL CUSTOMERS OF ELECTRIC DAISY FITNESS, LLC ARE REQUIRED TO BOOK SERVICES IN ADVANCE VIA THE MINDBODY iFRAME ON OUR WEBSITE, THE MINDBODY ONLINE STORE, OR THE MINDBODY MOBILE APP.

ELECTRIC DAISY FITNESS, LLC DOES NOT STORE CARDHOLDER DATA IN ANY FORMAT, ELECTRONICALLY OR IN PRINT.

ELECTRIC DAISY FITNESS, LLC DOES NOT ASK FOR CARDHOLDER DATA VIA THE PHONE OR IN ANY FORM OF WRITING, AND DOES NOT SWIPE OR MANUALLY ENTER CARDHOLDER DATA ON PREMISES.

As an organization, we are responsible for ensuring that the company’s systems and data are protected from unauthorized access and improper use. In an effort to protect company information, we will:

  • Use a password-protected, private WiFi network or VPN secured by a firewall when accessing the Internet;
  • Maintain updated anti-virus software on all devices, and remove any programs that the anti-virus software flags as potentially malicious;
  • Maintain up-to-date versions of operating systems (e.g., Macintosh OS, etc.) and applications (e.g., Google Workspace, Google Chrome, etc.), with all security updates and patches installed;
  • Replace out-of-date devices that no longer support the newest operating systems, applications, and updates;
  • Only store credit card account numbers in encrypted credit card fields designed for that purpose (e.g., MINDBODY, etc.);
  • Change passwords on a quarterly basis;
  • Use strong passwords and keep accounts secure with two-step authentication, when available;
  • Always lock devices with a unique password or PIN, and leave workspaces clear of sensitive information when unattended;
  • Limit personal use of company information, devices, and other resources;
  • Use extreme caution when opening e-mail/text links or attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code;
  • Destroy any hard copy documents with sensitive information written on them when no longer required for company use.

To that end, we will NOT:

  • Request cardholder data over the phone or in any form of writing (i.e. hard copy, email, chat, direct message, etc.);
  • Swipe or manually enter cardholder data on premises, on any company device;
  • Disclose sensitive information about the company or its customers unless authorized to do so;
  • Share passwords or accounts;

Personally-identifying information of any kind will only be disclosed in response to a medical emergency, subpoena, court order, or other governmental request, or when the Organization believes in good faith that disclosure is reasonably necessary to protect the property or rights of the Organization, or the public at large.

4. Our Website

Our Website maintains a valid SSL security certificate, which encrypts communication between the website and its users, and is hosted on a private server with 24/7 monitoring capabilities against potential threats.

DISCLAIMER: Our Organization is NOT responsible for the maintenance, security, policies or practices of our hosting company.

5. Payment Processing

Electric Daisy Fitness, LLC uses online booking and class management software provided by MINDBODY.

MINDBODY IS CERTIFIED AS A LEVEL 1 SERVICE PROVIDER UNDER PCI DSS VERSION 3.2.

MINDBODY is responsible for protecting cardholder data after such data is encrypted and received by MINDBODY’S system(s).

DISCLAIMER: Our Organization is NOT responsible for the maintenance, security, policies or practices of MINDBODY’s website, iframes, widgets, or mobile Apps. For more information on how MINDBODY processes, obtains, and protects personal, cardholder data:

MINDBODY Privacy Policy: www.mindbodyonline.com/privacy-policy
MINDBODY Security Policy: www.mindbodyonline.com/security-policy

6. User Expectations

DISCLAIMER: Our Organization is NOT responsible for the security of your online environment, devices, or systems.

When using our website and MINDBODY platform, we strongly recommend that you:

  • Use a password-protected, private WiFi network or VPN to access the Internet;
  • Install and maintain updated anti-virus software on your devices;
  • Enable web browser auto-updates, and keep all operating systems and applications up-to-date;
  • Do not share sensitive information through our website contact, or by text or email;
  • Use strong passwords and keep accounts secure with two-step authentication, when available;

If you receive a phone call, text, e-mail or any other form of communication from someone impersonating our company asking you to disclose financial or medical information, please contact us immediately at 716-427-5510.

6. Need-to-Know

To minimize the risk of data exposure, we adhere to the principles of least privilege and role-based permissions when providing access to all company accounts, including the MINDBODY Business platform.

At the time of this policy, our Organization does not employ any individuals. In the event that we hire employees, future employees will only be authorized to access data that they reasonably must handle to fulfill their current job responsibilities.

Other considerations include:

  • Ensuring that every employee that needs access to any company account(s) to fulfill specific job requirements has a unique username and password that is known only by that individual with two-factor authentication, when available;
  • Restricting permission to install software on company-owned devices to the Owner and/or trusted senior staff;
  • Upon termination of employment, the employee’s access to all company account(s) is immediately revoked;

Temporary or guest instructors do NOT require access to any business accounts whatsoever.

7. Physical Security

All customers of the Organization must book their services in advance, and sign in upon arrival, so there is always a record of class attendance. Spectators are not allowed within the studio. Internal doors are locked at all times, and the external door should be locked once class is in session.

We do NOT keep sensitive information of any nature on premises.

8. Security Compliance Assessment

The security of our company is a continuous process. The Organization will complete a PCI Compliance Self-Assessment Questionnaire on an annual basis. Best practices will be implemented and reviewed on an ongoing basis, or when relevant to include newly developed security standards and/or changes to company structure.

9. Revisions To Our Security Policy

Our Organization has the right to revise our Security Policy at any time and for any reason at our sole discretion. Changes are effective as soon as the updates are posted to Our Website. We may communicate changes to our Security Policy, but please stay informed! It is your responsibility to ensure that you read, understand and agree to the most current Security Policy.

If you do not agree with any items within our Security Policy, you must stop visiting our Website and cease participating in our Activities.

Last Updated: April 22, 2022

2022/05/19