GymOS

GYMOS

Gym business operating system

Back

GymOS legal

Privacy Policy

GymOS is committed to protecting the privacy of gym owners, administrators, and members who use our platform. This policy explains what data we collect, how we use it, and your rights under applicable Indian law.

Last updated: April 24, 2026

Last updated: May 2026

Note: The GymOS Member App is for gym members. Additional features for gym owners and administrators are available through the GymOS web platform at thegymos.app.

1. Who We Are

GymOS (“GymOS”, “we”, “our”, or “us”) operates a gym management and member engagement platform accessible at thegymos.appand through our mobile application (“GymOS Member App”).

GymOS is operated from India. This policy is governed by Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

This Privacy Policy applies to all users of the GymOS platform, including gym owners, gym administrators, gym members, and visitors to our website. By using GymOS, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Account and Identity Information

When a gym owner is onboarded or a member registers through the app, we collect information such as name, phone number, email address, and login credentials. This is used to create and manage your account on the platform.

2.2 Membership and Gym Data

GymOS stores operational data entered by gym teams and members, including membership records, attendance history, fitness goals, body metrics voluntarily provided (such as height, weight, and BMI), workout logs, and renewal history. This data is owned by the gym and its members and is processed solely to deliver the service.

2.3 Progress Photos and Profile Media

Members may voluntarily upload progress photos through the GymOS Member App. These photos are stored securely in private cloud storage and are accessible only to the member and, where the member chooses to share, to other members of the same gym through the in-app social feed. Photos are not accessible to the general public.

Members may also upload a profile avatar photo, which is visible to other members of the same gym within the app. Members may update or remove their profile photo at any time from within the app.

2.4 Social and Community Features

The GymOS Member App includes an in-gym social community feed. When using these features, the following data is collected and shared with other members of the same gym:

  • Progress posts and captions that you choose to share to the community feed
  • Likes and comments you make on other members’ posts
  • Follow relationships — who you follow and who follows you
  • Leaderboard rankings based on personal workout records, visible to gym members

Social content is shared only within the member’s gym and is not shared with the general public or with members of other gyms. You may set your account to private at any time from your Profile settings to restrict who can view your posts and follow you.

Members may report inappropriate content or block other members from within the app. Reports are reviewed by gym administrators and the GymOS team.

2.5 Device and App Permissions

The GymOS Member App may request access to the following device features, with your explicit permission:

  • Camera: Used to scan QR codes for gym connection and daily attendance check-in.
  • Photo Library: Used to select and upload progress photos and profile pictures to the in-app community feed.
  • Notifications: Used to send workout reminders and gym check-in confirmations.

You may revoke any of these permissions at any time through your device settings. Revoking permissions will disable the associated features but will not affect your account or other app functionality.

2.6 Communications and Messaging

GymOS may send operational communications via email and, where enabled by the gym and consented to by the member, via WhatsApp. These messages include membership updates, payment confirmations, renewal reminders, and account notifications. You may opt out of non-essential communications at any time by contacting us or your gym administrator.

2.7 Usage and Platform Data

We collect information about how the platform is used, including features accessed, session activity, and error events. This is used to maintain reliability, diagnose issues, and improve the product.

We use the following third-party services to support this:

  • Sentry: Used for crash reporting and error monitoring. Crash data is anonymised and does not include personal identifiers or authentication details.
  • PostHog: Used for product analytics. Only anonymous usage patterns are tracked. No personally identifiable information, phone numbers, email addresses, or authentication data is sent to PostHog.

2.8 Technical Information

We automatically collect certain technical data, including IP address, device type, operating system version, and app version. This is used for security monitoring and platform diagnostics.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your GymOS account and deliver the services you have requested
  • To process gym owner onboarding and manage platform access
  • To enable gym members to track attendance, workouts, progress, and memberships through the mobile app
  • To personalise your in-app experience, including workout recommendations and meal planning suggestions based on your fitness data
  • To power the in-gym social community feed, leaderboards, and member interaction features
  • To send transactional notifications including check-in confirmations, membership renewals, and password resets
  • To operate, maintain, and improve the GymOS platform and mobile application
  • To monitor for security incidents and unauthorised access
  • To respond to support requests and account-related queries
  • To comply with applicable legal obligations
  • To generate aggregated, anonymised analytics to understand product usage trends

We do not use your data to serve third-party advertising. We do not sell, rent, or trade personal information to any third party for their own commercial purposes.

4. Account Deactivation and Deletion

In compliance with applicable app store requirements and the DPDP Act, members have the right to request deactivation and deletion of their account directly from within the GymOS Member App.

  • Deactivation: When a member deactivates their account, all active sessions are immediately terminated. The account enters a 30-day recovery window during which the member may log back in to restore their account.
  • Permanent Deletion: If the member does not log back in within 30 days of deactivation, the account and associated personal data will be permanently deleted. Financial records and invoices may be retained as required for legal and accounting compliance under Indian law.
  • Reactivation: Logging back in within the 30-day window will automatically reactivate the account and cancel the scheduled deletion.

Members may also submit a deletion request by contacting us at support@thegymos.app.

5. Data Sharing

GymOS does not sell personal data. We share data only as strictly necessary to operate the platform, with the following categories of service providers who are bound by confidentiality and data processing obligations:

  • Cloud infrastructure and storage: Secure cloud hosting and database services used to operate the platform and store user data.
  • Email delivery: Secure email delivery services used to send operational and transactional emails.
  • Error monitoring: Anonymised crash and error reporting via Sentry.
  • Product analytics: Anonymous usage analytics via PostHog.
  • Payment processing: Where applicable, payment and billing services for subscription management.

All service providers are required to process data only for the purposes we specify and to maintain appropriate security measures.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the service. Following account deletion, personal data is removed in accordance with our deletion schedule described in Section 4.

Financial records, invoices, and transaction data may be retained for up to 7 years as required under the Companies Act and GST laws of India.

7. Data Security

GymOS implements industry-standard technical and organisational security measures to protect your data, including encrypted data transmission, access controls separating different user roles, and secure storage of credentials and sensitive information. We regularly review our security practices to address emerging risks.

No system is entirely free from risk. We encourage all users to protect their own login credentials and to notify us immediately if they suspect any unauthorised access to their account.

8. Your Rights Under the DPDP Act, 2023

Under the Digital Personal Data Protection Act, 2023 and other applicable Indian law, you have the following rights in respect of your personal data:

  • Right to access: To obtain a summary of the personal data we hold about you and the purposes for which it is processed.
  • Right to correction: To request correction of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of your personal data, subject to legal retention obligations.
  • Right to withdraw consent: To withdraw consent for optional data processing at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to grievance redressal: To raise a complaint or grievance with our designated Grievance Officer (see Section 13).
  • Right to nominate: To nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please contact us at support@thegymos.app. We will respond within 30 days. We may need to verify your identity before processing any request.

9. Cookies and Session Management

The GymOS web platform uses essential session cookies strictly necessary for authenticated access. These cookies do not track you across other websites and are not used for advertising.

The GymOS mobile app uses secure local storage for session management on your device. Access and refresh tokens are stored in hardware-backed encrypted storage and are never accessible to other apps.

10. Children’s Privacy

GymOS is intended for use by individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe that a minor has provided data through the platform without appropriate parental consent, please contact us immediately at support@thegymos.app and we will take appropriate action.

11. Cross-Border Data Transfers

Our infrastructure and service providers may process data in jurisdictions outside India. Where data is transferred internationally, we ensure appropriate safeguards are in place consistent with the requirements of the DPDP Act and applicable Indian law. We work only with providers that maintain recognised security standards and enter into appropriate data processing agreements.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify account holders by email or in-app notification. Your continued use of GymOS after changes are posted constitutes acceptance of the updated policy.

13. Grievance Officer and Contact

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, any grievance related to the processing of your personal data may be directed to our Grievance Officer:

Grievance Officer — GymOS
Email: support@thegymos.app
Website: thegymos.app
Response time: Within 30 days of receipt of the grievance.

If your grievance is not resolved to your satisfaction, you may escalate the matter to the Data Protection Board of India once operational, or seek any other remedy available under applicable Indian law.

Have questions? Ask Athena AI.