Skip to main content

Privacy Policy

Back to home

Last updated: February 7, 2026

This Privacy Policy explains how GymSoftware processes personal data when you visit our website or use our gym management platform.

1) Roles: customers vs members

If you’re a gym/customer using the platform, you typically act as the data controller for your members’ data and we act as a data processor processing that data on your instructions. If you are a gym member, please contact your gym directly for requests about your membership data.

2) Data we collect

  • Account & profile data: name, email, role/permissions, login and security events.
  • Member management data: membership status, visit history, bookings, notes, and audit logs (as configured by the gym).
  • Payments & billing: transaction metadata, invoices, and payment status (payment details are handled by payment providers where applicable).
  • Biometric access (optional): fingerprint enrollment templates/identifiers used for check-in/access control (where enabled by the gym).
  • Device/usage data: IP address, browser/device information, and activity logs for security and reliability.

3) How we use data

  • Provide and operate the platform (memberships, bookings, billing, reporting, and kiosk workflows).
  • Secure accounts, prevent abuse, and investigate incidents.
  • Provide customer support and respond to requests.
  • Improve performance and reliability of the service.

4) Legal bases (where applicable)

Depending on the context, we process personal data based on contract (to provide the service), legitimate interests (security and service improvement), and/or consent (for optional communications). Gyms are responsible for establishing their own legal basis for member-facing processing.

5) Biometric data

If enabled, biometric check-in uses fingerprint data for identification/access. We aim to store only what’s necessary for matching (for example, a template/identifier rather than a raw fingerprint image). Biometric processing may be subject to additional requirements under applicable law; gyms should enable this feature only where they have an appropriate legal basis and have provided suitable member notices.

6) Sharing and subprocessors

We share personal data with service providers who help us operate the platform (for example: hosting, email delivery, payment processors). We do not sell personal data.

7) Retention

We retain personal data for as long as needed to provide the service, meet legal/financial obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type and customer configuration.

8) Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your data, and to object or request portability. If you’re a gym member, your request may need to be handled by your gym as the controller.

9) Contact

Questions about this policy? Contact us via the contact page or email support@gym.software.