1. Introduction
GymOS ("we", "us", "our") operates the software-as-a-service gym management platform available at GymOS and associated services. We value the privacy of our subscribers (gym owners, managers, administrators) and their members.
This Privacy Policy details the types of information we collect, how we use it, how we secure it, and your rights in connection with this data. GymOS acts as a Data Processor for member data uploaded or managed by gym owners (the Data Controllers). GymOS acts as a Data Controller for account setup, billing, and transactional details of gym owners who subscribe directly to our service.
By registering for an account or using our platform, you consent to the practices described in this Privacy Policy.
2. Information We Collect
We collect information in the following categories to provide a fully operational dashboard:
Subscriber Profile Data
When a gym signs up, we collect personal and organizational details: Gym Name, Contact Name, Email, Phone Number, GSTIN/Business Identifiers, and billing details.
Gym Member Data
Provided directly by the gym owner or dashboard operator: member name, email, phone number, physical measurements (if logged), check-in logs, and photos for authorization.
Billing & Payment Metadata
We record details of invoices, payment status, amount paid, and subscription history. Payment instruments (cards, UPI) are handled securely by Razorpay or Stripe; we do not store raw credentials.
Usage & Technical Logins
We collect IP addresses, login timestamps, platform activity logs, browser types, and session cookie details to guarantee account security and prevent unauthorized access.
3. How We Use Information
GymOS uses data strictly to fulfill our contractual and business commitments:
- Service Provision: Managing memberships, classes, check-ins, invoice generation, and reports.
- Transactional Alerts: Sending auto-alerts for membership expiry, billing payments, invoices, or critical system notices via email/SMS.
- Payment Processing: Reconciling Razorpay transactions, generating branded PDF invoices, and calculating gym payouts/reports.
- Platform Optimization: Analyzing platform metrics (speed, page views, error rates) to fix bugs and improve performance.
- Compliance & Safety: Validating user accounts, preventing fraud, and enforcing our Terms and Conditions.
4. Data Sharing & Subprocessors
We value your trust. We do not sell, rent, or distribute any personal data to advertisers. Information is only shared under the following conditions:
- Supabase: Database hosting, user authentication, and file storage (SSL-encrypted).
- Firebase: Analytics and page event metrics.
- Razorpay: Indian payment processing and subscription billing.
5. Data Security & Row-Level Security (RLS)
We employ industry-leading protection to ensure data integrity and confidentiality:
- Database Isolation: Every record belongs to a distinct `tenant_id`. We implement strict database **Row-Level Security (RLS)** policies that restrict any tenant (gym operator) from querying, modifying, or viewing data belonging to any other gym.
- Encryption: All data is encrypted during transmission using HTTPS/TLS protocols and encrypted at rest in our secure database engines.
- Access Limits: Authentication token rotation and secure session checks prevent unauthorized access. Gym staff access is strictly filtered by roles (SUPERADMIN, GYM_ADMIN, STAFF, TRAINER, MEMBER).
6. Data Retention & Deletion
We retain data for as long as a gym account remains active. If a subscription is terminated, we store backing configuration files and database entries for 90 days to allow for retrieval, after which all tenant data is permanently deleted from our live databases.
Gym members who wish to delete their profile details must submit a request to their respective gym administrator. Upon instructions from the gym administrator, GymOS will purge the individual's records immediately.
7. Your Rights & Choices
Under relevant data regulations, you have the following rights over your data:
- Right to Access: You can download or view all profiles, rosters, billing logs, and check-in schedules directly from the GymOS dashboard.
- Right to Rectification: You can update user emails, numbers, and settings inside the App Settings or via the admin console at any time.
- Right to Erasure: Gym owners can request full deletion of their tenant account data by contacting us.
- Consent Withdrawal: You may close your account to withdraw consent for processing, though past transactional financial documents may be retained for accounting and tax requirements in India.
9. Contact & Grievance
For any questions regarding your data, security, or this Privacy Policy, please contact our support team.
Grievance Support Email
We resolve data privacy queries within 15 working days.