Privacy
Privacy Policy
How Gymcierge collects, uses, and protects personal data for coaches, gyms, members, and visitors — written to be readable as well as thorough.
We operate as both a platform for fitness businesses and as a processor of member data those businesses manage. This Policy explains both roles and your rights. Prefer the short version? Start with sections 2, 3, 6, and 9 — then dig deeper as needed.
1. Overview
This Privacy Policy explains how Gymcierge (“we”, “us”, “our”) collects, uses, stores, and discloses personal information when you use gymcierge.com, our coach and gym dashboards, mobile apps, APIs, and related services (the “Service”).
We designed Gymcierge for coaching businesses and gyms — so privacy must work for operators and for their members. This Policy is meant to be clear and practical, not murky.
Privacy contact: contact@gymcierge.com
2. Who is responsible for your data
2.1 Gymcierge as controller
We are the controller for account data we collect to operate Gymcierge as a platform — for example, coach/gym signup details, billing identity for Gymcierge subscriptions, marketing-site analytics, support tickets you send to us, and security logs.
2.2 Coaches and gyms as controllers
When a coach or gym uses Gymcierge to manage clients or members, that organisation is typically the controller of member/client profiles, bookings, health-related fitness data they choose to collect, chat content, class attendance, and marketing lists they build. Gymcierge processes that data as a processor / service provider on their instructions.
3. Information we collect
3.1 Information you provide
- Account details: name, email, password or auth tokens, role, preferences, UI theme.
- Business details: gym or coaching brand name, location, timezone, public page content.
- Profile and coaching content: goals, programmes, workout logs, measurements, photos you upload, notes, and chat messages.
- Membership and operations data: plans, subscriptions, class bookings, entry validation events, staff schedules (where enabled).
- Marketing contacts and campaign data when a gym uses email marketing features (including consent/status fields they manage).
- Billing information required for Gymcierge plans and add-ons. Card details are handled by Stripe; we receive limited billing metadata (for example last four digits, brand, status).
- Support and waitlist communications you send us.
3.2 Information collected automatically
- Device and browser data: IP address, device type, OS, app version.
- Usage data: pages and screens viewed, feature interactions, approximate timestamps.
- Diagnostics: crash and performance signals to keep the Service reliable.
- Cookies and similar technologies for session management, preferences, and analytics (see Cookies below).
3.3 Information from third parties
- Payment processors (Stripe) for subscription and payout status.
- Identity/auth providers if you sign in with supported methods.
- Calendar or domain providers if you connect those integrations.
4. How we use information
We use personal data to:
- Provide, secure, and improve the Service.
- Create and authenticate accounts; enforce permissions and gym roles.
- Power coaching, membership, class, staff, and marketing features you enable.
- Process Gymcierge billing, plan metering (including active-member counts), and add-ons.
- Send transactional messages (receipts, security alerts, booking or system notices).
- Provide customer support and investigate abuse or fraud.
- Analyse aggregated product usage to improve UX (where permitted).
- Comply with law and enforce our Terms.
Where we rely on consent (for example certain marketing cookies or optional marketing emails from Gymcierge), you can withdraw consent at any time without affecting other lawful processing.
5. Legal bases (EEA/UK)
Where GDPR/UK GDPR applies, we process personal data based on:
- Contract — to deliver the Service you signed up for.
- Legitimate interests — product improvement, security, preventing abuse, and basic business analytics balanced against your rights.
- Legal obligation — tax, accounting, and regulatory requirements.
- Consent — where required for optional marketing or non-essential cookies.
Coaches and gyms are responsible for establishing their own lawful bases for member/client data they control (for example contract, legitimate interests for gym operations, or explicit consent for certain health-related or marketing uses).
7. Retention
We retain personal data for as long as needed to provide the Service, meet legal/accounting obligations, resolve disputes, and enforce agreements. Coaches and gyms may retain member records in line with their own retention policies and local law. When an account is closed, we delete or anonymise personal data within a reasonable period unless we must keep it longer (for example invoices or fraud records).
8. Security
We implement administrative, technical, and organisational measures designed to protect personal data (access controls, encryption in transit, least-privilege practices, monitoring). No method of transmission or storage is 100% secure. Please protect your passwords and notify us of suspected unauthorised access.
9. Your rights
Depending on where you live, you may have rights to:
- Access a copy of personal data we hold about you
- Correct inaccurate data
- Request deletion
- Restrict or object to certain processing
- Data portability
- Withdraw consent where processing is consent-based
- Lodge a complaint with a supervisory authority
To exercise rights for data Gymcierge controls, email contact@gymcierge.com. For member data controlled by a coach or gym, contact that organisation first — we can help route requests where appropriate.
11. Children’s privacy
Gymcierge is not directed to children under 13 (or under 16 where a higher digital-consent age applies). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.
Coaches and gyms that onboard minors must ensure they have parental/guardian authority and comply with applicable child-protection and privacy rules.
12. International transfers
We operate globally. Personal data may be processed in the UK, EEA, United States, or other countries where we or our processors operate. Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms.
13. Automated processing
Gymcierge may use automated tools to power product features (for example reminders, at-risk member signals, programme suggestions, or AI-assisted programme drafting). These tools support coaches and gyms; they are not intended to make solely automated legal or similarly significant decisions about individuals without human involvement where such decisions are prohibited.
14. Changes to this Policy
We may update this Privacy Policy. We will revise the effective date on this page and, for material changes, provide additional notice where appropriate (for example in-app or by email). Continued use of the Service after an update constitutes acknowledgment of the revised Policy.
15. Contact
For privacy questions, data requests, or complaints: contact@gymcierge.com
Related documents: Terms and Conditions · Pricing