Privacy Policy

GymPro by SRTDigi — your privacy is our priority.

📅 Last updated: June 26, 2026

🌐 Applicable to: GymPro Platform & Mobile Apps

1. Overview

SRTDigi (“we”, “our”, “us”) operates the GymPro gym management platform available at srtdigi.in and associated mobile applications (collectively, the “Service”).

This Privacy Policy explains what personal information we collect, why we collect it, how it is stored, who we share it with, and your rights in relation to it. By using the Service, you agree to the collection and use of information in accordance with this policy.

This policy complies with the Information Technology Act, 2000 and its amendments (India), the GDPR (for EU/EEA users), and the DPDP Act, 2023 (Digital Personal Data Protection Act, India).

2. Data We Collect

A. Account & Profile Data

  • Full name, email address, and profile picture (via Google or GitHub OAuth, or email/password)
  • Business name, address, city, and phone number (for gym owners during onboarding)
  • Profile preferences, notification settings, and dashboard configuration

B. Member & Gym Data (uploaded by gym owners)

  • Gym member names, contact details, and membership details entered by gym operators
  • Attendance records, plan subscriptions, and payment history
  • Any notes, tags, or metadata added by the gym operator

C. Usage & Technical Data

  • IP address, browser type, device type, and operating system
  • Pages visited, features used, and session duration
  • Error logs and performance diagnostics (anonymised)

D. Communications

  • Emails and support messages sent to us
  • In-app feedback, survey responses, and feature requests

3. Payment Data & Processing

💳 Important — We do NOT store your card details

GymPro does not store, process, or transmit credit/debit card numbers, CVV codes, or bank account details on our servers. All payment data is handled exclusively by our certified PCI-DSS Level 1 payment partners.

Payment Processors We Use:

  • Razorpay — for Indian INR transactions (UPI, cards, net banking, wallets). Razorpay's privacy policy applies: razorpay.com/privacy
  • Stripe — for international USD/EUR transactions. Stripe's privacy policy applies: stripe.com/privacy

What we do receive from payment processors:

  • Transaction ID, payment status (success/failed/pending), and amount
  • Masked card last 4 digits (for display in receipts only)
  • Billing name and email (to generate invoices)
  • Subscription plan details and renewal dates

Gym member payments: When gym owners collect membership fees through GymPro's integrated billing, the same PCI-DSS protections apply. Gym owners are responsible for obtaining member consent to process payments via GymPro.

4. Authentication & Identity

Authentication for GymPro is powered by Clerk (clerk.com), a SOC 2 Type II certified authentication provider. Clerk handles:

  • Secure storage of hashed passwords (we never see your plain-text password)
  • Multi-factor authentication (MFA) tokens
  • OAuth tokens for Google and GitHub sign-in
  • Session tokens stored in secure, HttpOnly cookies

Clerk's privacy policy: clerk.com/privacy

We store your Clerk User ID linked to your gym profile in our own database. We do not store passwords. Session tokens expire after 24 hours of inactivity.

5. How We Use Your Data

  • To provide and operate the GymPro platform and its features
  • To process subscription payments and generate invoices
  • To send transactional emails (receipts, verification codes, password resets)
  • To generate analytics and reports visible only to the gym owner
  • To detect, prevent, and respond to security incidents
  • To improve the Service, fix bugs, and develop new features
  • To comply with applicable laws (GST invoicing, audit requirements)
  • To send you product updates and offers (you may opt out at any time)

We do not sell your personal data to advertisers or data brokers.

6. Data Sharing & Third Parties

We only share data with third parties in the following circumstances:

  • Clerk (Authentication): User identity and session management.
  • Razorpay / Stripe (Payments): Billing data for subscription and member payments.
  • Vercel / AWS (Hosting): Platform infrastructure and CDN delivery. Data processed in India/US/EU data centres.
  • Resend / SendGrid (Email): Sending transactional emails. Email address only.
  • Analytics (Privacy-first): Anonymised usage metrics. No individual tracking.
  • Legal Authorities: If required by Indian law, court order, or regulatory authority.

7. Data Storage & Security

Where data is stored: Primary data is stored on servers within India (Mumbai region) and replicated to Singapore for disaster recovery. EU user data may be stored in the EU region.

Security measures we implement:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for all data in transit (HTTPS only)
  • Role-based access control (RBAC) — only the gym owner sees their own data
  • Regular security audits and vulnerability scans
  • SOC 2 Type II certified infrastructure partners
  • PCI-DSS Level 1 certified payment processing
  • Automatic session expiry and CSRF protection
  • Rate limiting and brute-force protection on all authentication endpoints

8. Data Retention

  • Active accounts: Data retained for the duration of your subscription
  • Cancelled accounts: Data retained for 90 days after cancellation, then permanently deleted unless required by law
  • Payment records: Retained for 7 years as required by Indian GST and Companies Act
  • Security logs: Retained for 12 months
  • Backup data: Encrypted backups are purged within 30 days of account deletion

You may request early deletion by contacting us at privacy@srtdigi.in, subject to legal retention requirements.

9. Your Rights (GDPR / DPDP Act / IT Act)

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of all data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Portability: Receive your data in a portable, machine-readable format
  • Right to Object: Object to processing for marketing purposes
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Consent Withdrawal: Withdraw consent at any time without affecting prior processing
  • Right to Complain: Lodge a complaint with your national data protection authority

To exercise any right, email privacy@srtdigi.in. We will respond within 30 days.

10. Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy.

Essential cookies: Required for authentication, security, and core functionality. Cannot be disabled.

Analytics cookies: Help us understand how users interact with the platform. You may opt out via our cookie banner.

No advertising cookies: We do not use third-party advertising or tracking cookies.

11. Children's Privacy

GymPro is intended for business operators aged 18 and above. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal information, please contact us at privacy@srtdigi.in and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Sending an email to your registered address
  • Displaying a prominent banner in the GymPro dashboard
  • Updating the “Last Updated” date at the top of this page

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

Data Controller

SRTDigi

Website: https://srtdigi.in

Privacy enquiries: privacy@srtdigi.in

For GDPR-related requests, include “GDPR Request” in your email subject line. For DPDP Act requests, include “DPDP Request”.
