Privacy Policy

GymSync is committed to protecting the personal data of gym owners and their members. This Privacy Policy explains what data we collect, how we use it, how we store it, and what rights you have over it. This policy complies with India's Digital Personal Data Protection Act 2023.

This policy applies to two types of people — Gym Owners who register and use the GymSync dashboard, and Gym Members whose data is entered into GymSync by their gym owner.

From gym owners: Name and email address, phone number, gym name city and address, login credentials (password stored encrypted, never in plain text), subscription and billing information processed by Razorpay (we do not store card details), usage data including which features you use how often device type and browser type.

From gym members entered by the gym owner: Full name, phone number, email address (optional), date of birth (optional), gender (optional), membership plan and dates, payment records, workout logs if logged by member in the app, attendance records.

Automatically collected data: IP address, browser and device type, pages visited and time spent, error logs.

Gym owner data is used to operate and maintain your account, process subscription payments, send you product updates receipts and support communications, and improve the platform based on usage patterns.

Gym member data is used to display member information in the gym owner dashboard, send WhatsApp and SMS renewal reminders on the owner's behalf, provide members access to the GymSync member app, and show members their own membership details workout history and milestones.

We do not sell your data or your members data to any third party. We do not show ads based on member data. We do not share data with brands or partners without explicit consent. We do not use member data to market other gyms to your members.

We share data only with these third parties and only as necessary to operate the service:

Razorpay for payment processing. MSG91 for WhatsApp and SMS delivery — only the member phone number and message content are shared. Firebase for push notifications to the member app — only a device token is shared. Supabase for database infrastructure — all data is stored with encryption at rest. Vercel for hosting the web dashboard.

All third parties are contractually required to protect your data and use it only for the specified purpose. We will share data with government or law enforcement only if required by law in India.

All data is stored with encryption at rest using AES-256 and encryption in transit using HTTPS and TLS. Passwords are hashed using bcrypt and never stored in plain text. Access to production data is restricted to authorized team members only. We conduct regular security reviews. In the event of a data breach that affects your personal data we will notify you within 72 hours.

Gym owner account data is retained for the duration of your subscription plus 30 days after account deletion giving you time to export your data. Gym member data is retained as long as the gym account is active. When a gym deletes a member record it is permanently deleted from our database. When a gym owner deletes their account all associated member data is permanently deleted within 30 days.

Under India's DPDPA you have the right to access all personal data we hold about you, correct inaccurate data, request deletion of your account and all associated data, export your data in portable CSV format, and withdraw consent for marketing communications at any time. To exercise any of these rights email us at privacy@gymsync.in

Gym members whose data has been entered by a gym owner may contact their gym owner directly to request access correction or deletion of their data. Alternatively members may contact us at privacy@gymsync.in and we will coordinate with the relevant gym owner.

GymSync uses essential cookies only — these are required for login sessions and security. We do not use tracking cookies, advertising cookies, or third-party analytics cookies that profile your behaviour across other websites.

GymSync is not intended for use with members under the age of 18. Gym owners must not enroll minors into the platform without verifiable parental consent.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email at least 14 days before they take effect.

Email: privacy@gymsync.in WhatsApp: [your number] Address: [Your Company Address], India