Back to Home

August 1, 2025

Privacy Policy - Gymuu

Effective date: August 1, 2025

Who we are: Gymuu ("Gymuu", "we", "us", "our"). This policy explains how we collect, use, share, and protect personal data when you use our website, mobile apps, and partner-gym access features (the "Services").

Scope & governing law. This Policy applies to anyone who visits or uses the Services in India. We align with current Indian data-protection requirements and will update this Policy as new rules and guidance take effect.

1) Data we collect

Account & identity. Name, email, mobile number, password/OTP (hashed/one-time), city, and optional profile photo.

Access & usage. Check-ins and entry logs at partner gyms, class/session bookings, membership status, support tickets, and in-app actions.

Location & device. Approximate location (city/region). With permission, precise location or proximity signals (e.g., Bluetooth/NFC) for door unlocks and check-ins. Device identifiers, OS/app version, IP address, diagnostics.

Payments. UPI or card payments are processed by our payment partners. We receive tokens and limited metadata (status, masked card, timestamp). We do not store full card numbers.

Wellness inputs (optional). Height/weight ranges, goals, injuries/limitations, training preferences (you can skip or delete anytime).

Images/media (optional). Photos or videos you upload (e.g., community gallery). CCTV inside partner facilities is managed by those facilities under their own policies.

Cookies/tech. Essential cookies keep you signed in and secure; analytics cookies help improve performance. You can control non-essential cookies in your browser; some features may not work without them.

2) How we use your data

  • Provide & operate the Services (accounts, check-ins, unlocks, bookings, receipts).
  • Verify identity & prevent fraud (account/device checks, unusual-activity flags).
  • Communicate about transactions, product updates, and security notices.
  • Personalize recommendations you opt into (e.g., nearby gyms/classes).
  • Improve & secure our products (analytics, debugging, performance).
  • Marketing where permitted, with easy opt-out.
  • Comply with law and enforce our terms.

3) Legal bases & consent

We rely on your consent where required (e.g., precise location, wellness inputs, certain marketing). We also process data to perform our contract with you (deliver access) and to meet legal obligations (tax, fraud, security). We will update this section as Indian data-protection rules evolve.

4) Sharing your data

We share data only as needed to run Gymuu:

  • Partner gyms & coaches to validate membership, enable entry, and manage bookings.
  • Service providers (payments, hosting, SMS/email, analytics, support) under contracts with confidentiality and security obligations.
  • Corporate transactions (merger, acquisition, or asset sale) with required notices.
  • Legal & safety when required by law or to protect users, partners, or the platform.

We do not sell your personal data.

5) International transfers

If we transfer data outside India (e.g., cloud regions), we use reasonable contractual and technical safeguards. You can contact us for details.

6) Data retention

We keep personal data only as long as necessary for the purposes above or as required by law.

  • Account & identity: for your account life; delete on closure (subject to legal holds).
  • Access logs: typically 24 months for security/audits.
  • Payment records: per statutory retention (often 7–8 years for accounting).
  • Wellness inputs/media: until you delete them or close your account.

7) Security

We use administrative, technical, and physical safeguards appropriate to the data—TLS encryption in transit, hardened infrastructure, access controls, monitoring. No method is 100% secure; we continuously improve our controls.

8) Your choices & rights

You can access, correct, update, or delete your information and withdraw consent (e.g., location, marketing) in the app or by contacting us. When new Indian data-principal rights become applicable, we'll support them and update this Policy.

9) Children

The Services are not intended for users under 18 without parental/guardian consent. We will delete data inadvertently collected from minors without proper consent when notified.

10) Grievances & contact

We designate a Grievance Officer and aim to resolve complaints within 30 days.

Temporary Grievance Officer: J Roshan

Email: roshan@gymuu.com

Address: 1/83, Thiruveedhi Amman Kovil Street, Kottivakkam, Chennai – 600041.

For general privacy queries, you may also write to roshan@gymuu.com or legal@gymuu.com.

11) Third-party links & partners

The Services may link to third-party sites or operate inside partner-gym systems. Their privacy practices are separate; please review their policies before sharing data.

12) Changes to this Policy

We may update this Policy to reflect product or legal changes. We will post updates here and change the Effective date above. For material changes, we'll notify you in-app or by email.

13) Consent

By using Gymuu, you confirm that you have read and agree to this Policy and consent to the collection and processing of your data as described. You may withdraw consent where applicable via settings or by contacting us.

Return to Home