We take your privacy seriously. This policy explains what data we collect, how we use it, and the rights you have.
Last updated: June 9, 2026
When you register for GMS, we collect your name, email address, phone number, gym name, and subdomain. This information is required to create and manage your account.
As a gym owner, you may input member profiles including names, contact details, membership plans, attendance records, and payment history. This data is stored securely and accessible only to authorized users within your gym account.
We collect payment records entered by gym staff (amount, method, date). We do not store full credit/debit card numbers. Payment processing for GMS subscriptions is handled by third-party processors who comply with PCI-DSS standards.
We automatically collect information about how you use our platform — pages visited, features used, browser type, IP address, and device identifiers — to improve our service and ensure security.
To operate, maintain, and improve the GMS platform, process transactions, send transactional notifications, and provide customer support.
To send service updates, security alerts, billing reminders, and — where you have opted in — product news and promotional offers. You can unsubscribe from marketing emails at any time.
To understand how our platform is used, diagnose technical problems, and develop new features that better serve gym owners and their members.
To comply with applicable laws, respond to lawful requests, enforce our Terms of Service, and protect the rights, property, or safety of GMS, our users, or the public.
GMS does not sell, rent, or trade your personal information or your members' data to third parties for their marketing purposes.
We share data with trusted third-party vendors who assist in operating our platform (e.g., cloud hosting, email delivery, analytics). These partners are bound by data processing agreements and may only use your data to provide services to us.
If you enable WhatsApp reminders, member phone numbers are used solely to send the messages you configure. This is processed via our messaging integration and no data is retained by third-party providers beyond message delivery.
We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect rights, prevent fraud, or ensure user safety.
Your gym's data is logically isolated from other tenants on the platform. Each gym operates in a separate data context, ensuring one gym cannot access another's data.
All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Passwords are hashed using bcrypt and never stored in plain text.
Role-based access control (RBAC) ensures each user (gym owner, trainer, receptionist, member) can only access the data relevant to their role. Audit logs track all data access and modifications.
In the event of a data breach, we will notify affected users within 72 hours of discovery as required by applicable regulations, and take immediate steps to contain and remediate the breach.
You may request a copy of all personal data we hold about you or your gym at any time. We will provide it in a machine-readable format within 30 days.
You can update your account information directly from the dashboard. If you need assistance correcting inaccurate data, contact our support team.
You may request deletion of your account and all associated data. Upon account closure, your data will be permanently deleted within 30 days, except where retention is required by law.
You may object to or request restriction of certain data processing activities. We will honor such requests except where we have a legitimate legal basis to continue processing.
We retain your data for as long as your account is active or as needed to provide services.
Upon account deletion, personal data is removed within 30 days. Aggregated, anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.
Certain data may be retained longer if required by applicable law (e.g., financial records for tax compliance).
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact our team. We will respond within 5 business days.
For privacy-related enquiries, reach us at:
© 2026 GMS — Workflow Gym Management. All rights reserved.