Privacy Policy
1. Information We Collect
We collect information you provide directly when creating an account or using our services:
- Account data — full name, email address, password (hashed), mobile number, city, and gender.
- Gym and business data — gym name, address, operating hours, membership plans, locker assignments, expense records, and financial records.
- Health & fitness data — attendance logs, membership history, workout plans, diet plans, daily workout logs, meal logs, and body metrics (weight, body fat %, BMI, muscle mass, chest/waist/hip measurements).
- AI plan data — when you generate an AI workout or diet plan, your fitness goals, current metrics, and preferences are sent to Google Gemini AI to produce personalised recommendations. This data is processed by Google under their data processing terms.
- Payment data — transaction amounts, dates, and plan details. We do not store raw card numbers; payments are processed by Razorpay.
- Device & notification data — push notification tokens (Expo) and device metadata used to deliver in-app and push notifications to the mobile app.
- Usage data — screens visited, feature interactions, and error logs, used to improve the product.
2. How We Use Your Information
- Provide, operate, and improve the GymStack platform and mobile app.
- Generate personalised AI workout and diet plans using Google Gemini AI.
- Send push notifications and in-app alerts (plan assignments, payment receipts, supplement purchase requests, announcements).
- Send transactional emails (welcome, OTP verification, password reset, receipts).
- Process payments through Razorpay.
- Detect and prevent fraud, abuse, and security threats.
- Comply with applicable legal obligations.
- Send platform updates and product announcements (you can opt out at any time).
3. Sharing of Information
We do not sell your personal data. We may share information with:
- Service providers — Razorpay (payments), Resend (email delivery), Vercel (hosting), Supabase/PostgreSQL (database), Expo (push notifications), and Google Gemini AI (AI plan generation). Each is bound by a data processing agreement.
- Your gym — your trainer and gym owner can view your fitness data, attendance, and plan history as part of the gym management service.
- Legal authorities — when required by law, court order, or to protect the rights and safety of GymStack and its users.
4. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. You may request deletion of your account at any time by contacting privacy@gymstack.co.in. Payment records may be retained longer to meet accounting and legal requirements.
5. Security
We implement industry-standard measures to protect your data, including TLS encryption in transit, bcrypt-hashed passwords, JWT-based mobile authentication with short-lived access tokens stored in device secure storage (Expo SecureStore / Android Keystore), and access controls. No system is 100% secure — please use a strong, unique password and notify us immediately of any suspected unauthorized access.
6. Cookies and Tracking
We use essential cookies for authentication (session management) and analytics cookies to understand how the platform is used. See our Cookie Policy for full details.
7. Your Rights
Depending on your jurisdiction you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Port your data to another service.
To exercise any of these rights, contact us at privacy@gymstack.co.in.
8. Children's Privacy
GymStack is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. Continued use of GymStack after changes constitutes acceptance of the updated policy.
10. Contact
Questions or concerns about this policy? Reach us at privacy@gymstack.co.in or visit our Contact page.