← Home

Privacy policy

Last updated: May 19, 2026

This policy describes how the Gym Management System platform ("we", "us", "our") handles personal data. It is not legal advice. Have a qualified attorney review it for your business and jurisdictions.

1. Who this applies to

This policy applies to visitors of our website, gym operators who register as business accounts, and individuals whose data is entered into the platform by those businesses (for example members and trainers). If you use the service on behalf of a gym, you are responsible for informing your members and staff how you use the platform and what you collect from them.

2. Roles: platform vs. gyms

We provide software for gyms to run their operations. Each gym that uses the platform decides what member and staff information to enter and how to use it. For data that gyms upload about their members and trainers, the gym is typically the data controller for that relationship, and we act as a processor or service provider on their instructions, depending on applicable law.

For account data you give us directly when you sign up, subscribe, or contact support, we act as a controller for operating and improving the service, billing, security, and legal compliance.

3. Data we collect

We may process the following categories of information:

  • Account and authentication: name, email address, password hash, role (for example business client, member, trainer, admin), session and security tokens, and optional phone numbers or profile details you provide.
  • Business profile: gym name, business contact details, address or location fields you choose to fill, subscription and billing status, and payment gateway configuration metadata you supply if you connect a payment provider.
  • Operational data you submit: member and trainer records, attendance, memberships, payments, equipment, schedules, messages or notifications sent through the product, and other content stored in the application.
  • Payment and transaction data: amounts, status, identifiers from payment processors, and related records needed to complete subscriptions or member payments. Card numbers are handled by your payment provider where applicable, not stored by us as full card data unless your integration explicitly requires otherwise.
  • Technical and usage data: IP address, device and browser type, approximate location derived from IP, timestamps, pages or API routes accessed, and error or diagnostic logs used to secure and improve the service.
  • Support and communications: messages you send us, feedback, and correspondence we need to resolve issues or enforce our terms.

4. How we use data

We use personal data to:

  • Provide, host, and maintain the platform and its features.
  • Authenticate users, prevent fraud and abuse, and enforce security.
  • Process subscriptions, invoices, and payments you initiate.
  • Communicate about the service, important notices, and (where allowed) product updates.
  • Comply with law, respond to lawful requests, and defend our legal rights.
  • Analyze aggregated or de-identified usage to improve reliability and usability.

5. Legal bases (where applicable)

Depending on your region, we rely on one or more of: performance of a contract with you; legitimate interests that are not overridden by your rights (for example security and service improvement); consent where we ask for it (for example marketing cookies if we use them); and legal obligation.

6. Sharing and subprocessors

We may share data with:

  • Service providers who host infrastructure, send email or SMS, provide analytics, or support operations, under confidentiality and processing terms.
  • Payment processors (such as Cashfree or others you enable) to complete transactions you start.
  • Professional advisers where required (for example auditors or lawyers).
  • Authorities when required by law or to protect rights, safety, and security.

We do not sell your personal information in the conventional sense. We do not share data with unrelated third parties for their own marketing without appropriate consent where required by law.

7. Retention

We keep data only as long as needed for the purposes above, including to meet legal, accounting, or reporting requirements. Gyms may delete or export certain data according to product capabilities; residual backups may persist for a limited period. When data is no longer needed, we delete or anonymize it in line with our retention practices.

8. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; we encourage strong passwords and safe handling of credentials.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and to data portability or to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We may need to verify your identity before responding.

10. Children

The service is intended for adults and businesses. We do not knowingly collect personal information from children under 13 (or the minimum age in your jurisdiction) for marketing purposes. Gyms that record minors as members should ensure they have proper parental or guardian authority where required.

11. International transfers

Your data may be processed in countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers between jurisdictions.

12. Cookies and similar technologies

We may use cookies and similar technologies for authentication, preferences, security, and analytics. You can control cookies through your browser settings; some features may not work if you disable essential cookies.

13. Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated through the product or by email where appropriate.

14. Contact

For privacy questions or requests, contact us using the contact email shown in the site footer when it is configured.

Set PLATFORM_CONTACT_EMAIL and optionally PLATFORM_CONTACT_PHONE in your environment so this section shows your live contact details (same as the site footer).