Introduction & Who We Are
GymPro Technologies Pvt. Ltd. ("GymPro," "we," "us," or "our") is the data controller responsible for personal data collected through the GymPro platform. We are registered under the laws of India and operate primarily from Mumbai, Maharashtra.
This policy applies to:
- Gym Owners: individuals or businesses who register and manage a gym on GymPro.
- Gym Members: individuals whose data is managed through GymPro by a gym owner.
- Website Visitors: anyone who visits our website or interacts with our public-facing services.
When GymPro processes member data on behalf of a gym owner, the gym owner is the data controller and GymPro acts as a data processor. Each gym owner is responsible for having their own lawful basis for collecting member data.
Data We Collect
We collect different categories of data depending on how you interact with GymPro:
Identity Data
Full name, date of birth, gender, profile photo, government ID (where required)
Contact Data
Email address, mobile number, postal address, emergency contact details
Financial Data
Subscription plan details, payment history, billing address (card data processed by our payment gateway, not stored by us)
Membership Data
Gym enrollment records, attendance logs, leave history, plan assignments, subscription status
Technical Data
IP address, device type, browser, operating system, session tokens, login timestamps
Usage Data
Pages visited, features used, click patterns, search queries within the platform, error logs
We collect this data when you register an account, use platform features, contact our support team, or interact with our website.
How We Use Your Data
We use collected data strictly for legitimate purposes related to operating the GymPro platform:
- Account Management: To create, verify, and maintain your GymPro account securely.
- Service Delivery: To provide gym management features including member tracking, attendance, billing, and plan management.
- Payment Processing: To process subscription payments and maintain billing records.
- Customer Support: To respond to your inquiries, resolve issues, and improve service quality.
- Platform Security: To detect and prevent fraudulent activity, unauthorized access, and abuse.
- Analytics & Improvement: To understand usage patterns and improve platform features (using anonymized or aggregated data where possible).
- Legal Compliance: To comply with applicable laws, regulations, and court orders.
- Communications: To send service-related notifications, billing alerts, and (with your consent) marketing communications.
What We Never Do
We never sell your personal data to third parties. We do not use your data for targeted advertising. We do not build individual profiles for commercial resale.
Legal Basis for Processing
We process personal data only when we have a valid legal basis to do so under applicable data protection law. The bases we rely on are:
- Contract Performance: Processing necessary to provide our services under your subscription agreement.
- Legal Obligation: Where we are required by law to retain or process certain data (e.g., tax records, audit trails).
- Legitimate Interests: For platform security, fraud prevention, and service improvement, where these interests are not overridden by your data protection rights.
- Consent: For marketing communications and optional data processing activities. You may withdraw consent at any time without affecting previous processing.
Data Sharing & Disclosure
We do not sell, trade, or rent personal data. We may share data only in the following limited circumstances:
- Service Providers: Trusted third-party vendors who assist us in operating the platform (e.g., cloud hosting, payment processing, email delivery). All vendors are contractually bound to process data only as instructed by us.
- Gym Owners: Member data entered into the platform is accessible to the respective gym owner and their authorized staff as part of the service.
- Legal Requirements: Where required by law, court order, or government authority, we may disclose data to the extent legally required.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to equivalent privacy protections.
Third-Party Processors
Our key sub-processors include cloud infrastructure providers (AWS/GCP), PCI-DSS compliant payment gateways, and transactional email services. A current list of sub-processors is available on request at privacy@gympro.io.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Our general retention schedule is:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & identity data | Duration of account + 3 years | Contract & legal compliance |
| Billing & payment records | 7 years | Tax & financial regulations |
| Membership & attendance logs | Duration of membership + 2 years | Operational records |
| Support & communication logs | 3 years | Dispute resolution |
| Technical / server logs | 90 days | Security monitoring |
| Marketing preferences | Until consent withdrawn | Consent-based |
Upon account termination, you may request data export within 30 days. After that period, data is securely deleted or anonymized unless legal retention obligations apply.
Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@gympro.io.
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data, subject to legal retention obligations.
Right to Restriction
Request that we limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for marketing purposes.
Right to Withdraw Consent
Withdraw consent for consent-based processing at any time, without penalty.
Right to Complain
Lodge a complaint with your local data protection authority.
We will respond to verified requests within 30 days. We may ask you to verify your identity before processing your request.
Cookies & Tracking
GymPro uses cookies and similar technologies to operate and improve the platform. The categories of cookies we use:
- Essential Cookies: Required for core platform functionality such as authentication sessions and security. These cannot be disabled.
- Functional Cookies: Remember your preferences and settings (e.g., language, dashboard layout).
- Analytics Cookies: Help us understand how the platform is used through aggregate, anonymized data. You may opt out.
- Security Cookies: Used for fraud prevention and CSRF protection.
We do not use advertising or tracking cookies. You can manage cookie preferences via our Cookie Settings panel. Disabling non-essential cookies may affect some platform features.
Security Measures
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure:
- All data transmitted between your device and GymPro servers is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 encryption on our cloud infrastructure.
- Access to personal data is role-based and restricted to authorized personnel on a need-to-know basis.
- We conduct regular security audits, vulnerability assessments, and penetration testing.
- All staff with access to personal data undergo data protection training.
- We maintain an incident response plan and will notify affected users of data breaches as required by law.
Reporting a Security Issue
If you discover a security vulnerability, please report it responsibly to security@gympro.io. We take all reports seriously and aim to respond within 48 hours.
Children's Privacy
GymPro is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.
If a gym owner registers a minor member (aged 13–17) on the platform, they are responsible for ensuring parental or guardian consent has been obtained. If you believe we have inadvertently collected data from a child without appropriate consent, please contact us immediately at privacy@gympro.io and we will take prompt action to delete such data.
Third-Party Links
The GymPro platform may contain links to third-party websites, payment portals, or integrated services. This Privacy Policy applies solely to GymPro's own services. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Notify registered users via email or an in-platform notification at least 14 days before the changes take effect.
- For significant changes affecting your rights, we may request renewed consent where required by law.
Your continued use of GymPro after the effective date of a revised policy constitutes acceptance of the updated terms.
Contact Us & Data Protection Officer
For any privacy-related questions, to exercise your data rights, or to raise a concern, please contact:
Data Protection Officer
GymPro Technologies Pvt. Ltd.
Attn: Data Protection Officer
Email: privacy@gympro.io
Legal: legal@gympro.io
Security: security@gympro.io
Address: 4th Floor, Innovation Hub, Bandra Kurla Complex, Mumbai – 400051, India
Response time: Within 30 days of receipt
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.
Your Privacy, Our Commitment
We are dedicated to protecting your personal data and being transparent about how it is used. If you have any questions, we're here to help.