📄 Legal

PRIVACY POLICY

We are committed to protecting your personal information and being fully transparent about how we collect, use, and safeguard your data.

Last Updated: April 12, 2026

This Privacy Policy describes how GymFit Technologies Pvt. Ltd. ("GymFit", "we", "us", or "our") collects, uses, and shares information about you when you use our mobile application, website at gymfit.app, and any related services (collectively, the "Service"). By using GymFit, you agree to the practices described in this policy.

1 Who We Are

GymFit is India's leading fitness platform, operated by GymFit Technologies Pvt. Ltd., a company registered under the Companies Act, 2013 with its registered office at Sector 44, Gurugram, Haryana 122003, India.

GymFit provides workout plans, video-based training, nutrition tracking, AI coaching, and community features to help users achieve their fitness goals.

🔒 GymFit is fully committed to your privacy. We will never sell your personal data to third parties for advertising.

2 Information We Collect

Information You Provide

  • Account Details — Name, mobile number, email address, and password upon registration
  • Profile Information — Age, gender, height, weight, and fitness goals
  • Payment Information — Processed securely via PCI-DSS compliant third-party payment processors; we do not store card details
  • Communications — Messages, support tickets, feedback, and reviews you submit
  • Referral Information — Referral codes shared or used during signup

Information Collected Automatically

  • Device Information — Device model, OS version, unique device identifiers, mobile network information
  • Usage Data — Workouts started/completed, videos watched, features used, session duration
  • Location Data — Approximate location (country/city) derived from IP address only; we do not collect GPS location without explicit consent
  • Log Data — IP address, browser type, pages visited, timestamps, crash reports

Health & Fitness Data

  • Workout history, reps, sets, duration, and estimated calories burned
  • Step counts and activity data (only if you grant permission to connect your device's health app)
  • Body measurements and progress photos (if voluntarily submitted)

3 How We Use Your Information

  • To create, manage, and maintain your GymFit account
  • To personalise workout recommendations and AI coaching based on your profile and goals
  • To process payments and manage premium subscriptions
  • To send transactional communications — account verification, password resets, billing receipts
  • To improve app performance, fix bugs, and develop new features
  • To detect, prevent, and investigate fraud, abuse, or security incidents
  • To comply with applicable Indian laws and regulations
  • To respond to your queries and provide customer support
⭐ Key Section

4 Use of Data

GymFit may use your personal identity information — including your name, mobile number, and email address — to reach out to you via the following communication channels to inform you about the latest product features, workout challenges, updates, and important notifications:

💬 WhatsApp 📱 SMS 📡 RCS 📧 Email 🔔 Push Notifications 📞 Calls

These communications may include:

  • New workout plan launches and fitness challenge announcements
  • Personalised workout reminders and streak notifications
  • Product updates, new feature announcements, and app version releases
  • Promotional offers and subscription renewal reminders
  • Important security alerts and account-related notifications

📢 You can opt out of promotional communications at any time by updating your notification preferences in the app, replying STOP to any SMS, or contacting us at privacy@gymfit.app. Transactional messages (like password resets and billing) cannot be opted out of while your account is active.

By registering on GymFit, you expressly consent to receiving such communications. GymFit's brand partners and affiliated companies may also reach out to you via these channels for purposes consistent with this Privacy Policy, subject to your communication preferences.

5 Data Sharing & Disclosure

We do not sell your personal data. We share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party companies to operate our Service, including cloud hosting providers, payment processors, analytics platforms, and email/SMS delivery services. These providers process data strictly on our behalf under written data processing agreements.

Related Companies

We may share your personal identity information with any entity that is affiliated with GymFit for purposes consistent with this Privacy Policy, including to provide you with a seamless experience across our product suite.

Agents, Consultants and Related Third Parties

GymFit Technologies, like many businesses, sometimes uses other companies to perform certain business-related functions. Examples of such functions include maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal identity information might be transferred in the form of assets. You acknowledge that such transfers may occur, and that any acquirer or successor of GymFit Technologies may continue to use your information as set forth in this policy.

Legal Requirements and Other Circumstances

GymFit Technologies may disclose your personal identity information if required to do so by law or in the good faith belief that such action is necessary to:

  • (i) comply with a legal obligation
  • (ii) protect and defend the rights or property of GymFit Technologies
  • (iii) act in urgent circumstances to protect the personal safety of users of the website or services or the public
  • (iv) protect against legal liability
⭐ Key Section

6 The Security of Your Information

We will take reasonable precautions to protect personal identity information in our possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We follow generally accepted industry standards to protect the personal identity information submitted to us, both during transmission and once we receive it.

Our specific security measures include:

  • Encryption in Transit — All data transmitted between your device and our servers is encrypted using TLS 1.3 (HTTPS)
  • Encryption at Rest — Sensitive data stored on our servers is encrypted using AES-256
  • Password Security — Passwords are hashed using bcrypt — never stored in plain text
  • Payment Security — All payment transactions are handled by PCI-DSS Level 1 compliant payment processors
  • Access Controls — Access to personal data is restricted to authorised personnel only, on a need-to-know basis
  • Regular Audits — We conduct regular security reviews, penetration testing, and vulnerability assessments
  • Incident Response — We have formal procedures in place to detect, respond to, and notify users of data breaches

⚠️ No method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal identity information, we cannot guarantee its absolute security. If you suspect your account has been compromised, please change your password immediately and contact us.

⭐ Key Section

7 Children

GymFit is not intended for or directed to persons under the age of 18. Any person who provides their information to GymFit Technologies represents to us that they are 18 years of age or older.

We do not knowingly collect or maintain personally identifiable information from persons under 18 years of age. If we learn that personally identifiable information of persons under 18 has been collected through GymFit, we will take the appropriate steps to delete this information.

If you are the parent or legal guardian of a minor who has provided personal information to GymFit without your consent, please contact us immediately at privacy@gymfit.app and we will delete that information promptly.

👨‍👧 Parents: If you discover your child under 18 has created a GymFit account, please email privacy@gymfit.app with the subject line "Minor Account Removal" and we will action it within 48 hours.

⭐ Key Section

8 Cookies

GymFit uses cookies and similar tracking technologies (such as local storage and pixel tags) on our website and mobile app to enhance your experience, analyse usage patterns, and deliver relevant content.

Types of Cookies We Use

  • Essential Cookies — Required for the Service to function. These keep you logged in and remember your session preferences. Cannot be disabled.
  • Analytics Cookies — Help us understand how users interact with GymFit — which pages are visited most, where users drop off, and how features are used. We use this to improve the app.
  • Preference Cookies — Remember your settings such as language, theme, and display preferences.
  • Marketing Cookies — Used to measure the effectiveness of our promotional campaigns and to deliver relevant advertisements (only with your consent).

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

  • View the cookies stored on your device
  • Delete cookies individually or all at once
  • Block cookies from specific websites or all websites
  • Receive a notification before a cookie is stored

Please note that disabling essential cookies will prevent you from logging in and using core features of the GymFit web platform. Our mobile app uses local device storage rather than browser cookies, but functions similarly.

🍪 We will always ask for your consent before placing non-essential cookies on your device. You can update your cookie preferences at any time via our Cookie Settings panel accessible from the website footer.

9 Your Rights

You have the following rights regarding your personal information held by GymFit:

  • Right to Access — Request a copy of all personal data we hold about you
  • Right to Correction — Request correction of inaccurate or incomplete data
  • Right to Deletion — Request erasure of your personal data ("right to be forgotten"), subject to legal retention requirements
  • Right to Portability — Receive your data in a structured, machine-readable format
  • Right to Withdraw Consent — Withdraw consent for marketing communications at any time
  • Right to Restriction — Request that we limit processing of your data in certain circumstances
  • Right to Object — Object to processing of your data for direct marketing purposes

To exercise any of these rights, email privacy@gymfit.app. We will respond within 30 days. Identity verification may be required before we can action your request.

10 Data Retention

  • Active account data is retained for as long as your account exists
  • After account deletion, personal profile data is removed within 30 days
  • Transaction and billing records are retained for 7 years as required by Indian tax law (GST Act)
  • Support communications are retained for 2 years from the date of the last interaction
  • Anonymised, aggregated analytics data may be retained indefinitely as it cannot be used to identify you
  • Backup data is purged within 90 days of account deletion

11 Business Transfers

If GymFit Technologies is involved in a merger, acquisition, sale of assets, or corporate restructuring, your personal data may be transferred to the acquiring entity. We will notify you via email or a prominent notice on the GymFit app at least 30 days before your data becomes subject to a different Privacy Policy. The new entity will be required to honour the commitments made in this Privacy Policy or seek fresh consent from you.

12 Changes to This Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:

  • Update the "Last Updated" date shown at the top of this page
  • Send an in-app notification for significant changes
  • Email all registered users for material changes that substantially affect your rights
  • Require fresh consent where required by law

Continued use of GymFit after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

13 Contact Us

For any questions, complaints, or requests related to this Privacy Policy or your personal data, please contact our Privacy Team:

GymFit Privacy Team

📧 privacy@gymfit.app 📍 Sector 44, Gurugram, HR 122003 🕐 Response within 30 days

GymFit Technologies Pvt. Ltd.
Sector 44, Gurugram, Haryana 122003, India

Email Privacy Team