Privacy Policy – Gym Scribe

Contents

Information We Collect
How We Use Your Information
How We Share Your Information
Data Storage and Security
Data Retention
Your Rights
Children's Privacy
Third-Party Services
Changes to This Policy
Contact Us

This Privacy Policy explains how Gym Scribe ("we", "our", or "us") collects, uses, stores, and protects your personal information when you use our gym management mobile application ("App") available on the Google Play Store. By using our App, you agree to the collection and use of information in accordance with this policy.

This policy applies to gym owners, managers, and staff who use the App to manage their gym operations, as well as gym members whose information is entered into the App by gym staff.

Information We Collect

Account Information

When you register and set up your gym account, we collect:

Full name and email address
Phone number
Gym name, address, and city
Gym logo and digital signature images
Role within the gym (owner or manager)

Member Information

Gym owners and managers enter the following information about gym members:

Full name, phone number, and email address
Gender and profile photo (optional)
Membership plan details and duration
Payment history including amounts paid, pending balances, and payment dates
Notes added by gym staff

Usage Information

We automatically collect certain information when you use the App:

Device type and operating system version
App usage patterns and feature interactions
Error logs and crash reports

How We Use Your Information

We use the information we collect to:

Provide and operate the gym management features of the App
Generate membership invoices and payment records
Manage membership plans, renewals, and expiry tracking
Authenticate users and maintain account security
Improve, maintain, and troubleshoot the App
Respond to your support requests and queries
Comply with applicable laws and legal obligations

Important: We do not use your data or your gym members' data for advertising, profiling, or any purpose other than operating the App as described above.

How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

Service Providers

We use the following trusted third-party services to operate the App:

Supabase – cloud database and authentication (data stored in secure cloud servers)
Firebase (Google) – push notifications (FCM)
Razorpay – payment processing and transaction management

Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, including to comply with applicable Indian laws and regulations.

Business Transfer

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or in-app notice before your data is transferred and becomes subject to a different privacy policy.

Data Storage and Security

Your data is stored securely on Supabase cloud infrastructure, which is hosted on Amazon Web Services (AWS). All data is encrypted in transit using TLS (HTTPS) and encrypted at rest.

Payment processing: We use Razorpay to process payments. When you make a payment through the App we share necessary transaction information with Razorpay, including the transaction amount, currency, order identifier, payment method metadata (for example card brand and last four digits), and customer contact details (name, email, phone) so Razorpay can complete the transaction. Sensitive payment details (such as full card numbers and CVV) are handled directly by Razorpay and its SDKs and are not stored on our servers. Razorpay is a PCI-DSS compliant payment processor; payment transmissions are encrypted in transit. Please review Razorpay's privacy practices at razorpay.com/privacy.

We implement the following security measures:

Row-level security ensuring each gym can only access its own data
Authenticated access — all API calls require a valid login session
Role-based access control (owner and manager roles)
No hardcoded credentials or API keys in the application code

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your account and gym data for as long as your account remains active or as needed to provide you with the App's services.

If you choose to delete your account, we will delete your personal data within 30 days of your deletion request, except where we are required to retain certain information by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Payment and transaction records (including those processed via Razorpay) are retained for as long as necessary to provide the services, to maintain business and tax records, and to comply with legal obligations. Depending on jurisdictional requirements, certain financial records may be retained for up to seven years.

Member data entered by a gym owner is retained as long as the gym account is active. Gym owners are responsible for managing and deleting their members' data within the App.

Your Rights

As a user of our App, you have the following rights regarding your personal data:

Access: You may request a copy of the personal data we hold about you.
Correction: You may update or correct your account information directly within the App or by contacting us.
Deletion: You may request deletion of your account and associated data.
Portability: You may request your data in a commonly used, machine-readable format.
Objection: You may object to certain uses of your data by contacting us.

To exercise any of these rights, please contact us at the email address provided in the Contact Us section below. We will respond to your request within 30 days.

Account Deletion: You can request account deletion by emailing us at gymscribee@gmail.com. We will process your request within 30 days and confirm deletion via email.

Children's Privacy

Our App is intended for use by gym business owners and managers and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

If you believe a child under 13 has provided personal information to us, please contact us immediately at gymscribee@gmail.com.

Third-Party Services

Our App integrates with the following third-party services. Their privacy practices are governed by their own privacy policies:

Supabase – supabase.com/privacy
Google Firebase – firebase.google.com/support/privacy
Razorpay – razorpay.com/privacy

We recommend reviewing the privacy policies of these services to understand how they handle your data.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, through an in-app notification or email.

We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:

Gym Scribe
Email: gymscribee@gmail.com
Location: Hyderabad, Telangana, India
For data deletion requests, please email with subject line: "Account Deletion Request"

We are committed to resolving any complaints about our collection or use of your personal information. We will respond to your query within 30 days of receipt.