STEELHAUS PRIVACY POLICY

Last Updated: March 5h, 2025

Steelhaus LLC, together with its affiliates, agents, and licensees (collectively “we,” “us,” or
“our”), is a boutique indoor cycling studio delivering a premium fitness experience. In
addition to our in-person classes, we offer the Steelhaus mobile application to Members and
operate the Steelhaus website located at

https://www.steelhauscycle.com

(“Website”). To

support these services, Steelhaus utilizes certain software-as-a-service solutions and
related technology provided by Drop Fitness, Inc. (“Drop Fitness”), including member
management, scheduling, and third-party payment processing and collection services (the
“Software” and “Payment Services”). Drop Fitness operates its own technology platform,
including the website located at

https://tech.dropfitness.com

(“Tech Website”), which

supports the Software and Payment Services used by Steelhaus and other fitness operators.
Collectively, the Website, the Steelhaus application, the Software, the Payment Services, the
Tech Website, and any related applications (together, the “Services”) form the basis of how
we deliver and manage your Steelhaus experience.

This Privacy Policy describes what information may be collected when you access or use
our Services, how we and others use this information, under what circumstances we may
disclose the information to third parties, and the instances in which we may allow third
parties to collect information about you directly from you. Depending on your activities
when using or accessing our Services, you may from time to time be required to agree to
changes to this Privacy Policy. Your continued use of our Services after we make changes to
the Privacy Policy is deemed to be acceptance of those changes. This Privacy Policy applies
regardless of whether you use our Services via a computer, mobile device, tablet, or other
medium (collectively, your “Equipment”).

Information We May Collect About You

Some of the information we collect about you may be personal information that can be used
to identify you including, for example, your name, email address, or mailing address. In
some jurisdictions, certain unique identifiers like IP addresses and other usage or technical
information may be considered personal information. However, in no instance does
personal information include data where your identity has been removed so that we can no
longer identify you (deidentified data), which we may use for any purpose.

The information about you that we may collect through your use of our Services includes:

Contact information, such as your, your business’s and/or your business’s primary point(s)
of contact’s first name, last name, phone number, email address, personal and/or business
address, and business name.

Fitness Club Membership and Account-Related Information, such as your username and
password for access to our Services, fitness club location(s), fitness club facility access, key

FOB number, membership number, fitness club facility utilization, fitness club equipment
usage, and transaction history between you and your fitness club.

Fitness-Related Information, such as your height, weight, heartrate, body measurements,
performance information, fitness goals, training session frequency, training session content,
progress in training goals, correspondence between your fitness club and/or personal
trainer (so please only provide required information), the fitness classes you attend, and
other information regarding the utilization of services from your fitness club.

Financial Information, such as credit card, bank account, other payment information, or
other financial information related to provision of our Services.

Steelhaus uses Stripe, Inc. as its secure third-party payment processor. Stripe collects,
processes, and stores your payment information in accordance with its own privacy policy,
available at https://stripe.com/privacy. Steelhaus does not directly store your financial
information. Drop Fitness, Inc., our technology provider, may have limited visibility to
certain payment transaction metadata solely to facilitate Services but does not collect or
process your payment information.

Technological Information, such as you IP address, technical data about your Equipment,
and browsing actions and patterns.

Third Party Site Log-In Information, such as your Facebook, Twitter, and Google log-in
information if used to access our Services.

How We Collect Your Information

You provide it to us directly. You may give us information about you by completing required
forms or by communicating with us by text, e-mail, or other means. This includes
information you provide when you create an account, purchase a Service, use our Services,
complete a survey, provide feedback, report a problem, or otherwise contact us about our
Services, or provide information to be published or displayed on public areas of our
Services or transmitted to others.

We automatically collect it using technology from our website, applications, emails, and
other Services. As you interact with our Services, we may automatically collect technical
data about your Equipment, browsing actions and patterns as specified above. We collect
this information by using cookies, server logs, web beacons, and other similar technologies
(see Cookies and Automatic Data Collection Technologies).

You provide it to your fitness club through our Services or your fitness club enters it into
our Services. If a fitness club licenses, purchases, and/or uses our Software, through your
and their use of our Services, we collect information associated with your use of your fitness
clubs’ services as specified above. If your fitness club has created custom data fields within
our Software, we may collect your fitness information entered into those fields as specified
above.

From other places. We may receive information about you from other companies and
individuals including, for example, business partners, subcontractors, advertising networks,
social network platforms, analytics providers, and service providers. We may also receive
information about you from other users if, for example, another user provides us with your
email address to receive a discount.

Cookies and Automatic Data Collection Technologies

We may use automatic data collection technologies when you visit our Website, Apps, view
our advertisements, or use our Services. For example, we may use cookies to distinguish
you from other users of the Services to help us deliver a better and more personalized
service when you use our Services. It also allows us to improve our Services by enabling us
to:

Estimate our audience size and usage patterns.

Store your preferences so we may customize our Services according to your individual
interests.

Speed up your searches.

Recognize you when you return to our Services.

We also may use these technologies to collect information about your online activities over
time and across third-party websites or other online services. For more information, see
Interest-Based Advertising below.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your
Equipment. For information about managing browser settings to refuse cookies, see Your
Rights and Choices.

Flash Cookies. Certain features of our Services may use Flash cookies (local stored objects)
instead of browser cookies to collect and store information about your preferences and
navigation to, from, and on our Services. For information about managing Flash cookies see
Your Rights and Choices.

Web Beacons. Our Services pages and e-mails may contain small transparent embedded
images or objects known as web beacons (also referred to as clear gifs, pixel tags, and
single-pixel gifs) that permit us, for example, to count website page visitors or email
readers, or to compile other similar statistics such as recording content popularity or
verifying system and server integrity.

How We Use Your Information

We use your information to provide you with our Services offer you additional Services,
communicate with you, deliver advertising and marketing, and/or to conduct other

business operations, such as using information to improve and personalize your
experiences. Examples of how we may use the information we collect include:

With regard to financial information:

If you are a member of our fitness club, we use your financial information to process
payments for fitness services you have ordered through our Services, and to fulfill and
manage your orders, payments, returns, and exchanges made through our Services.

If you are a fitness club using our Software as a Service, we use your financial information to
process payment for SaaS services you have ordered, and to facilitate payouts associated
with payout services you use.

If you are a member of a fitness club that uses our Services, we do not use your financial
information. We may be able to view details of your financial information at certain times,
but we neither control, process, nor store this information. We contract with a third-party
payment processing vendor to allow our fitness club clients to transact payments from their
members. Your financial information is collected only by our third-party payment
processing vendor and is subject to their privacy policy.

Manage our relationship with you which may include notifying you about changes to our
Services, Terms and Conditions, and/or Privacy Policy, providing you notices about your
account, asking you to provide feedback or complete a survey, or addressing any concerns
you may have about our products or Services.

Provide your fitness club with our Services.

Allow your fitness club and/or your fitness instructor(s) to track and manage your fitness
goals, progress, and activity.

Create and maintain your account login credentials to our Services.

Deliver relevant content, advertisements, and messaging to you, and to measure or
understand the effectiveness of such content, advertisements, and messaging.

Respond to your requests from us or to fulfill any other purpose for which you provide it.

Use data analytics to measure website traffic, and to improve our Services, marketing,
customer relationships, and experiences.

Carry out our obligations and enforce our rights.

In any other way we may describe when you provide the information.

Disclosure of Your Information

We may share information that does not identify you without restriction. We may disclose
personal information as follows:

To other parties involved in processing your transactions for our Services.

To our contractors, service providers, and other third parties we use to support our
business, such as payment processing, data analysis, email delivery, hosting services,
customer service, and marketing providers; and who are obligated to keep personal
information confidential and use it only for the purpose for which we disclose it to them.

To other selected third parties to use tracking technology on the Services, which will enable
them to collect data about how you interact with the Services over time.

To third-party advertising companies, with your consent.

To comply with any court order, law, or legal process, including responding to any
government or regulatory request.
To enforce or apply our Terms and Conditions or other agreements including for
billing and collections purposes.
To protect the rights, property, or safety of our business, our employees, our
customers, or others. This includes exchanging information with other companies
and organizations for the purposes of cybersecurity, fraud protection and credit risk
reduction.
To investigate suspected violations of any law, rule or regulation, or the terms or
policies for our Services.
We may also share personal information about you with third-parties whom you or
your fitness club have contracted for services to enable them to provide you with
those services.

For any other purposes that we disclose when you provide the information.

To fulfill the purpose for which you provide it.

To an actual or prospective buyer or other successor in the event of merger, divestiture,
restructuring, reorganization, dissolution or other sale or transfer of some or all of our
assets, where one of the transferred assets is the personal information we hold.

Children’s Online Privacy

We do not direct any aspect of our Services to minors, and we do not knowingly collect
personal information from individuals under fifteen (15) years of age. If you are under 15
years old, do not use or provide any information through the Services. If we learn we have
collected or received personal information from a child under 15 years old without
appropriate consent, we will delete it. If you believe we might have any information from or
about a child under 13 please contact us using the notice contact information provided
herein.

Interest-Based Advertising

Our Services may integrate technology of third-party advertising networks (“Ad Networks”)
that allows for the recognition of your Equipment and the collection of information about
the browsing, searching, and other activities of you or anyone else using your Equipment.
This information is then used to send you advertisements for products and services that are
more likely to be of interest to you.

To enable interest-based advertising across your Equipment and software, we may also
share data, such as technical identifiers derived from your registration information on our
Services or our CRM system, with these Ad Networks. This allows them to link your
Equipment, browser, etc. and to better identify you across different environments.

If you do not wish to participate in interest-based advertising via Ad Networks, you may
opt-out by visiting and following the instructions set forth at either: (1) the Digital
Advertising Alliance’s website (); or (2) the Network Advertising Initiative’s website (). A
couple of important notes about these opt-out tools: (i) they include all the advertising
networks that we may work with, but also many that we do not work with; and (ii) they
may rely on cookies to ensure that a given advertising network does not collect information
about you (“Opt-out Cookies”). Therefore, if you use different Equipment, change web
browsers, or delete the Opt-out Cookies, you will need to perform the opt-out task again.

Finally, please note that certain browsers may offer you the option of providing notice to
websites that you do not wish for your online activities to be tracked for interest-based
advertising purposes (“DNT Notice”). Some browsers are, by default, set to provide a DNT
Notice, whether or not that reflects your preference. However, given how preference-based
advertising works, DNT Notices may not be effective in communicating your preferences.
For this and a variety of other reasons, while we attempt to honor your preferences when
specified through DNT Notices, we cannot guarantee that in every scenario we will take
effective action based on browser-based DNT Notices, with regard to our Services.
Therefore, if you do not wish to participate in interest-based advertising activities, you
should follow the opt-out process identified above.

Social Networks, Third-Party Links, Forums

Our Services may integrate social network plugins or include links to third-party websites
or services. Please keep the following in mind:

Social Networks. Our Services may make available the option for you to use “plugins” that
are operated by social media companies. If you choose to use one of these plugins, then it
may collect information about you and send it back to the social media company that owns
it. This may happen even if you do not click on the plugin, for example, if you are logged into
the social media website that owns the plugin when you access our Services. Information
collected by a plugin is subject to the privacy policy and terms of the social media company
that owns it. If you do not want the applicable social media company to collect information
about you when you use our Services, sign out of the social media network before visiting.
By interacting with a plugin when you use our Services (for example, clicking the “Like”

button), you are knowingly transferring information to that social media company. Further,
if you are logged into a social media website when you visit our websites, then you are
directing us to share your data with the social media company that owns the plugin.

Third-party links. Our Services may link to or contain links to third-party websites that we
do not control or maintain. We are not responsible for the privacy practices employed by
any third-party website. We encourage you to read the privacy statements of all third-party
websites before submitting any personally identifiable information through those websites.
For the avoidance of doubt, this Privacy Policy does not apply to another fitness club’s
website or data-collection practices, and we do not review or monitor any other fitness
club’s website.

Your Rights and Choices

Your rights may vary depending on where you are located. We have created mechanisms to
provide you with the following control over your information:

Marketing. If you do not want us to use your email address or other contact information to
promote or recommend our own Services, or third parties’ products or services, you may
opt-out by checking the relevant box located on the form where we initially collect your
contact information or, if presented with the option to opt-in, do not opt-in. If you have an
account with our Services, you may be able to log in and check or uncheck relevant boxes. If
you do not have an account, you can adjust your preferences by contacting us as set forth
below in the Contact Us section. You may also opt-out of further marketing communications
by replying to any promotional email we have sent you or following the opt-out links on
that message. Marketing opt-out generally will not apply to information provided to us as a
result of a purchase, licensing, or other transactions regarding our Services.

Accessing, updating, and deleting your information. If you have an account with us or
through our Services, you may have the ability to access your information and make
updates to or delete your data. If you do not have an account, you may contact us as set
forth in the Contact Us section below to request access to, correction of, or deletion of
personal information that you have provided to us. We may not accommodate a request to
change information if we believe the change would violate any law or legal requirement or
negatively affect the information’s accuracy.

Location Information. When you use our Services, we may automatically collect certain
Equipment (mobile device) specific information. This includes the general or specific
location of your Equipment through GPS, Bluetooth, or WiFi signals. Before we collect or
share location-specific information, it is our practice to ask for your consent. In some
instances, your operating system may not allow you to install an Application without giving
us consent. In all instances, you may withdraw your consent by disabling location features
for your Equipment.

Cookies and automatic data collection technologies. You may set your browser to refuse all
or some browser cookies, or to alert you when websites set or access cookies. Flash cookies
are not managed by the same browser settings used for browser cookies. To learn how you
can manage your Flash cookie settings, visit the Flash player settings page on . However, if
you disable or refuse cookies, please note that some parts of our Services may become
inaccessible or not function properly.

Interest Based Advertising. Please see Interest-Based Advertising above for information on
how to opt-out of interest-based advertising.

Data Security

The security of your information is very important to us. We use physical, electronic, and
administrative safeguards designed to protect your information from loss, misuse and
unauthorized access, use, alteration, or disclosure. The safety and security of your
information also depends on you. Where we have given you (or where you have chosen), for
example, a password for access to our Services, you are responsible for keeping this account
information confidential.

While we take reasonable precautions and have implemented managerial and technical
procedures to try to protect the security of data and information, including personal
information, we cannot guarantee against any loss, misuse, unauthorized disclosure, or
alteration or destruction of data or personal information. You provide your personal
information to us at your own risk. You acknowledge that: (1) there are security and privacy
limitations in computer systems and on the Internet which are beyond our control; (2) the
security, integrity, and privacy of any and all information and data exchanged between you
and us through our Services, including personal information, cannot be guaranteed; and (3)
any such information and data, including personal information, may be viewed or tampered
with by a third party while such information or data is being used, transmitted, processed,
or stored.

Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time for any reason. We will post
notice of any material changes we may make to our Privacy Policy on the Steelhaus Website
prior to making the change. Your continued use of our Services after the posting of the
amended Privacy Notice on the Website constitutes your affirmative (1) Acknowledgement
of the Privacy Policy as amended; and (2) agreement to be bound by the Privacy Policy as
amended. The date the privacy policy was last revised is identified at the top of the page.
Please check back frequently to review any updates or changes to our Privacy Policy.

Contact Us

If you have any comments or questions about our privacy policy, or to exercise the specified
rights above, you may contact using the page on the Website or at:

Address:

28 Farm View, Montvale, NJ 07645

Attn: Carin Karolin, Owner

Phone: +1 201-746-9996

Email: operations@steelhauscycle.com

We will respond to your request and, if applicable and appropriate, make the requested
change in our active databases as soon as reasonably practicable. Please note that we may
not be able to fulfill certain requests while allowing you access to certain benefits and
features of our Services.

Sole Statement

This Privacy Policy is the sole statement of our privacy practices with respect to our
Services. No summary, modification, restatement or other version of this Privacy Policy, or
other privacy statement or policy, in any form, is valid unless we post a new or revised
policy to our Website or Applications.

0159018.0796113 4915-9343-7191v5