Privacy Policy

Last Updated: 11 May 2026

This policy explains how Crystalline Equine collects, uses, and protects the personal information of people who contact us or use our services. It applies to messages sent on WhatsApp, Instagram, Facebook Messenger, email, and conversations handled by our messaging assistant, Crystal.

1. Who We Are

  • Crystalline Equine is a wellness studio offering ground-based equine sessions in Dubai, United Arab Emirates.
  • Address: Al Rowaiyah Third, Dubai, UAE.
  • Contact: [email protected] or WhatsApp +971 54 501 7333.
  • For privacy-specific questions, email [email protected] with the subject "Privacy request".

2. About Crystal, Our Messaging Assistant

  • Some replies you receive from us are sent by Crystal, an AI-powered messaging assistant.
  • Crystal handles common questions about our location, schedule, pricing, and policies.
  • Anything outside that, including bookings, custom events, complaints, or anything specific to you, is reviewed and answered by a member of our team.
  • Crystal will identify herself as an assistant if you ask, and you can request a human at any time.

3. Information We Collect

  • Contact identifiers: your phone number, Instagram or Facebook handle, or email address, as provided by the channel you use to message us.
  • Messages: the content of messages you send us, attachments you share, and our replies.
  • Profile information: your name and profile photo as visible on the channel you message us through.
  • Booking-related information: name, email, and payment details collected by our booking system if you make a booking.
  • Technical metadata: timestamps, channel identifiers, and conversation thread IDs.
  • We do not collect health information, payment card numbers (handled by our processor), or location data beyond what the messaging channel provides.

4. How We Use Your Information

  • To respond to your messages on the channel you contacted us through.
  • To provide our services, including bookings and session information.
  • To keep conversation records so we can provide consistent service and resolve disputes.
  • To comply with applicable law, including the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).
  • Lawful basis: your consent (by initiating contact) and our legitimate interest in operating our business.

5. How Long We Keep It

  • Active conversation history: retained while you are an active or recent customer and for up to 24 months after your last message.
  • Booking and transaction records: retained for 7 years to comply with UAE accounting and tax law.
  • Aggregated, anonymised analytics: retained indefinitely.
  • You can request earlier deletion at any time, see our Data Deletion page.

6. Who We Share It With

  • We do not sell your personal information. We share it only with service providers needed to deliver our service.
  • Meta Platforms (WhatsApp, Instagram, Facebook Messenger): the messaging platforms themselves.
  • Anthropic and OpenAI: AI providers that power our messaging assistant. Neither retains message content for model training under our API agreements.
  • Fly.io: hosting provider for our messaging system. Servers may be located outside the UAE.
  • Cloudflare: DNS and network protection.
  • Resend or MailChannels: outbound email delivery.
  • Mindbody and time2book: booking system providers, used only if you book a session.
  • Stripe: payment processor, used only when you pay. Stripe handles all card data directly.
  • Telegram: internal tool for our team to review and respond to messages forwarded from customer channels.

7. International Transfers

  • Some of our service providers process data outside the UAE, including in the United States and European Union.
  • Where data leaves the UAE, we rely on the provider's data-protection commitments, standard contractual clauses, or equivalent safeguards.

8. Your Rights

  • Access: request a copy of the personal information we hold about you.
  • Correct: ask us to fix anything inaccurate.
  • Delete: ask us to delete your personal information (see our Data Deletion page).
  • Object: object to specific uses of your data.
  • Withdraw consent: message "stop", "unsubscribe", "remove me", or "إلغاء" on any channel, and we will permanently silence our assistant for you.
  • Complain: to the UAE Data Office or your local data-protection authority.
  • To exercise these rights, email [email protected]. We respond within 30 days.

9. Security

  • We protect your information using TLS encryption in transit and encrypted database storage at rest.
  • Access to internal systems is limited to authorised team members with role-based access control.
  • We use short-lived API tokens for all third-party integrations and rotate credentials regularly.
  • If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.

10. Children

  • Our services are available to participants aged 10 and over.
  • Participants under 10 require a parent or guardian present and a signed waiver.
  • We do not knowingly collect information from anyone under 13 except when a parent or guardian books on their behalf.

11. Cookies and Tracking

  • Our website uses minimal cookies for session management and analytics.
  • Our messaging assistant does not use cookies.
  • If we add tracking or advertising cookies in the future, we will update this policy and provide a consent banner.

12. Changes to This Policy

  • We may update this policy from time to time. The "Last Updated" date at the top reflects the latest version.
  • Material changes will be communicated through our website or by direct message.

13. Contact

  • Questions, requests, or complaints about privacy: email [email protected] with the subject "Privacy request".
  • We respond within 30 days.
Book your first class