Plain English summary: GimFox is a gym management SaaS. Each gym's data lives in its own isolated database — we never mix data between gyms. We do not sell your data or your members' data to any third party, ever.
01
Information We Collect
When you register your gym (Gym Owner / Operator)
- Business name, owner name, email address, and phone number provided during onboarding
- Subscription plan and billing information (processed securely via our payment gateway)
- Login credentials (gym code, email, and hashed password — we never store plaintext passwords)
- IP address and browser/device information for security and fraud prevention
Data you enter into GimFox for your gym
As a gym owner, you control all the data you enter. This includes:
- Member profiles: name, contact details, date of birth, photo, membership plan, fitness goals
- Attendance records: check-in and check-out timestamps
- Workout and diet assignments linked to individual members
- Finance entries, enquiry leads, and internal notes
- SMTP mail settings you configure for outgoing email from your gym
Usage & Technical Data
- Pages visited within the app, feature interactions, and session duration
- Error logs and crash reports (anonymised where possible)
- Server logs retained for up to 30 days for security monitoring
02
How We Use Your Data
- Service delivery — to create, maintain, and operate your gym's account and database
- Authentication — to verify your identity and your gym members' identities securely
- Email communications — renewal reminders, welcome emails, and support responses
- Billing — to process subscription payments and maintain billing history
- Product improvement — aggregated, anonymised usage patterns to improve GimFox features
- Support — to respond to your support tickets and troubleshoot issues
- Legal compliance — to comply with applicable Indian laws and regulations
We do not use your data or your gym members' data to train AI models, to run targeted advertising, or to create profiles for sale to third parties.
03
Database Isolation
Every gym gets its own dedicated database. We do not use row-level tenant separation — each gym's data lives in a completely separate MySQL database (e.g., gimfox_demo). This means data from one gym can never appear in another gym's interface by any application bug or misconfiguration.
This architectural choice was made specifically to maximise data privacy and security for gym owners and their members. Even our own platform operators access gym data only through controlled administrative tools and only when required for support purposes.
Isolation Model
Database-per-Gym
Cross-Gym Data Access
Architecturally Impossible
Hosting
India-based servers
DB Encryption
Encrypted at rest
04
Data Sharing
We do not sell, trade, or rent your personal data or your gym members' personal data to any third party.
We may share data with
- Payment processors — only the billing data required to process your subscription payment
- Email infrastructure providers — solely to deliver transactional emails on your behalf
- Law enforcement / regulatory bodies — only when legally compelled by a valid court order or Indian government authority
We never share
- Gym member personal data with any marketing company or data broker
- Workout, diet, attendance, or health-adjacent data with any third party
- Your gym's financial or revenue data
05
Data Retention
- Active gym accounts: data retained indefinitely while your subscription is active
- Cancelled or expired accounts: gym data retained for 60 days after subscription end, then scheduled for deletion
- You may request immediate data deletion at any time by contacting us at hello@gimfox.com
- Billing records are retained for 7 years as required under Indian tax law
- Server logs are purged after 30 days
06
Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS 1.2+
- Passwords are hashed using bcrypt — we never store or transmit plaintext passwords
- Admin and member sessions are isolated; a member session cannot access admin-level data
- Tenant database switching is controlled by server-side middleware — it is not user-controllable
- Provisioning operations are protected by a shared secret key and are not publicly accessible
- File uploads (photos, logos) are stored in scoped subdirectories per gym to prevent cross-gym collision
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to hello@gimfox.com.
07
Gym Member Data
GimFox operates as a data processor on behalf of gym owners (the data controllers) with respect to gym member data. This means:
- The gym owner is responsible for obtaining their members' consent to use GimFox for member management
- GimFox processes member data strictly as instructed by the gym's usage of the platform
- Gym members who wish to access, correct, or delete their data should contact their gym directly
- GimFox will assist gym owners with any data subject requests upon written request
If you are a gym member and want to know what data your gym has about you, please contact your gym administrator directly — not GimFox. We can only act on instructions from the gym owner.
08
Cookies
We use strictly necessary session cookies to maintain your authenticated session. We do not use third-party tracking cookies or advertising cookies. For full details, see our Cookie Policy.
09
Your Rights
As a gym owner using GimFox, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate personal data
- Erasure — request deletion of your account and all associated data
- Portability — request your data in a machine-readable format
- Objection — object to any processing based on legitimate interests
To exercise any of these rights, email us at hello@gimfox.com with the subject line "Data Rights Request". We will respond within 30 days.
10
Policy Changes
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify active gym owners via email at least 14 days before material changes take effect. Continued use of GimFox after the effective date constitutes acceptance of the updated policy.