Privacy Policy
Last Updated: January 23, 2025
GDPR Compliant
This Privacy Policy is compliant with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and personal data.
1. Introduction
Welcome to GymFlow Pro. This Privacy Policy explains how GymFlow Technologies, LLC ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our fitness studio management platform ("Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
We collect information you directly provide when you:
- Create an account: Name, email address, password, phone number, business name
- Use the Service: Member data, class schedules, payment information, staff details, equipment logs
- Contact support: Support tickets, correspondence, feedback
- Subscribe to communications: Email preferences, notification settings
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Usage Data: Pages visited, features used, time spent, actions taken
- Device Information: IP address, browser type, device type, operating system
- Cookies and Similar Technologies: Session IDs, preferences, analytics data
- Log Data: Access times, error logs, performance metrics
2.3 Information from Third Parties
We may receive information from:
- Payment processors: Payment confirmation, transaction details (we do not store full credit card numbers)
- Analytics providers: Aggregated usage statistics, performance data
- Authentication services: If you sign in using third-party OAuth (Google, Facebook, etc.)
3. How We Use Your Information
We use your information for the following purposes:
3.1 Providing the Service
- Create and manage your account
- Process payments and manage subscriptions
- Store and manage your gym data (members, classes, schedules)
- Send transactional emails (confirmations, receipts, notifications)
- Provide customer support
3.2 Improving the Service
- Analyze usage patterns and trends
- Fix bugs and technical issues
- Develop new features and improvements
- Conduct research and analytics
3.3 Communication
- Send product updates and announcements
- Respond to inquiries and support requests
- Send marketing communications (with your consent)
- Request feedback and conduct surveys
3.4 Legal and Security
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraud and abuse
- Ensure security and integrity of the Service
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing required to provide the Service you've subscribed to
- Consent: You've given explicit consent for marketing communications or cookies
- Legitimate Interests: Improving our Service, fraud prevention, security
- Legal Obligation: Compliance with applicable laws and regulations
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with:
5.1 Service Providers
We use third-party services to support our operations:
- Payment Processing: Stripe, PayPal (for secure payment processing)
- Email Services: SendGrid, AWS SES (for transactional emails)
- Cloud Hosting: DigitalOcean, AWS (for infrastructure)
- Analytics: Google Analytics (for usage analytics)
All third-party providers are contractually bound to protect your data and only use it for specified purposes.
5.2 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal process (subpoenas, court orders)
- Enforce our Terms of Service
- Protect rights, property, or safety of our company, users, or public
- Investigate fraud or security issues
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice and inform you of any choices you may have regarding your information.
6. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Enable core functionality (authentication, session management)
- Analytics Cookies: Understand how users interact with the Service
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. However, disabling certain cookies may limit Service functionality. See our Cookie Policy for more details.
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest
- Access Controls: Strict access controls and authentication
- Security Audits: Regular security assessments and penetration testing
- Monitoring: 24/7 system monitoring and intrusion detection
- Backup: Regular automated backups for disaster recovery
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our security measures.
8. Data Retention
We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:
- Active Accounts: Data retained while your account is active
- After Cancellation: Data retained for 30 days to allow reactivation
- Backup Systems: Data may persist in backups for up to 90 days
- Legal Requirements: Some data retained longer to comply with legal obligations (e.g., financial records for 7 years)
You can request deletion of your data at any time (see the "Your Rights" section below).
9. Your Rights (GDPR)
Under GDPR and other data protection laws, you have the following rights regarding your personal data:
Your Data Rights:
- Right to Access: Request a copy of your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Restrict processing of your data in certain circumstances
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (for consent-based processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at privacy@gymflowpro.com or through your account settings. We will respond to your request within 30 days.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Privacy Shield certification (where applicable)
11. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
12. Marketing Communications
With your consent, we may send you marketing emails about new features, promotions, and updates.
You can opt out at any time by:
- Clicking "unsubscribe" in any marketing email
- Updating your email preferences in account settings
- Contacting us at privacy@gymflowpro.com
Note: You will still receive transactional emails (receipts, password resets, etc.) even if you opt out of marketing.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Data Controller: GymFlow Technologies, LLC
Email: privacy@gymflowpro.com
Address: 1234 Fitness Boulevard, Suite 500, Wilmington, DE 19801
DPO (Data Protection Officer): dpo@gymflowpro.com
Website: https://gymflow.other10.com
Your Privacy Matters
We are committed to protecting your privacy and maintaining transparency about our data practices. If you have any questions or concerns, please don't hesitate to contact us.