Privacy Policy

Effective May 1, 2026

This Privacy Policy explains how GymOps ("we", "us", or "our") collects, uses, and shares information when you use the GymOps mobile app, web app, and owner portal (together, the "Service"). By using the Service, you agree to this policy.

1. Who we are

GymOps is an operations platform for gyms and fitness studios. The Service is offered to gym owners ("Owners") and the staff they invite ("Staff"). Owners are the data controllers for their staff's data within their gym; we act as a data processor on the Owner's behalf for that staff data.

2. Information we collect

2.1 Information you provide

• Account information. Name, email address, password (hashed), and the gym you belong to.
• Profile information. Job role, location assignment, profile photo, hire date, hourly rate (if entered by your Owner).
• Content you create. Messages, survey responses, role-play session recordings, uploaded receipts and documents, course completions.
• Payment information (Owners only). Billing details are collected directly by our payment processor, Stripe; we never see or store your full card number.

2.2 Information collected automatically

• Usage data. Pages and features you interact with, timestamps, device and operating system version.
• Diagnostic data. Crash reports and performance traces (collected by Sentry) so we can find and fix bugs.
• Approximate location. When you clock in or out, we use coarse location to verify you are at the gym (geofence). We do not track location continuously.
• Push notification token. A device identifier issued by Apple or Google, used only to send you the notifications you have enabled.

2.3 Audio data

When you complete a role-play scenario, we record your voice and send the audio to our AI scoring partner (OpenAI) to generate a coaching score and transcript. Audio is not retained beyond the time needed to score the session and is never used to train AI models.

3. How we use your information

• To provide the Service — let you sign in, complete training, role-play, clock in, message your team, view your progress, and earn rewards.
• To give your Owner the analytics they need to coach the team — leaderboards, role-play scores, course completions, attendance.
• To process payments (Owners) and pay out earned rewards (Staff, where applicable).
• To improve and secure the Service — diagnostics, fraud prevention, abuse detection.
• To communicate with you — service announcements, password resets, support replies.

4. How we share your information

We do not sell your personal information. We share it only with:

• Your gym. The Owner and managers you work for can see your profile, training progress, role-play scores, and any content you post inside your gym.
• Service providers. Stripe (payments), Resend (email), Sentry (crash reporting), OpenAI (role-play scoring), Tremendous (gift card fulfillment, only if your Owner enables it), Amazon Web Services (storage), and Expo / Apple / Google (push notifications).
• Legal requirements. If required by law, court order, or to protect the rights, safety, or property of GymOps, our users, or others.
• Business transfers. If GymOps is acquired or merges with another company, your information may transfer to the successor, subject to this Privacy Policy.

5. Tracking and advertising

We do not track you across other apps or websites for advertising. We do not use third-party advertising SDKs. We do not sell or share data for cross-context behavioral advertising under California law.

6. Data retention

We retain your information for as long as your account is active. When you delete your account (see Section 8), we permanently remove or anonymize your personal information within 7 days, except where we are required to retain it to comply with legal obligations (e.g. tax or audit records).

7. Security

We use industry-standard encryption in transit (HTTPS) and at rest, hashed passwords, and access controls to protect your information. No system is 100% secure; please use a strong, unique password and notify us immediately at support@gymopsapp.com if you suspect your account has been compromised.

8. Your rights and choices

• Access and correction. Most of your information is visible and editable inside the app. Email us if you need help finding or correcting something.
• Account deletion. You can delete your account from inside the GymOps app (Profile → Danger Zone → Delete Account). Deletion is final after a 7-day grace window.
• Data export. Email support@gymopsapp.com to request a copy of your personal data; we will respond within 30 days.
• Notification controls. Manage push and email preferences in the app's notification settings.
• EU / UK / California residents. You have additional rights under the GDPR, UK GDPR, and CCPA, including the right to object to or restrict processing, the right to data portability, and the right to lodge a complaint with your supervisory authority. Contact us to exercise these rights.

9. Children

The Service is not directed to anyone under 16 years old, and we do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. International transfers

GymOps is operated from the United States. If you use the Service from outside the United States, your information will be transferred to and processed in the United States. We rely on standard contractual clauses or equivalent safeguards where required.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you in-app or by email at least 14 days before they take effect. The "Effective" date at the top of this page reflects the latest version.

12. Contact us

Questions, requests, or complaints? Email support@gymopsapp.com.