Privacy Policy

What we collect

From gym owners and staff: name, email, phone, address, role, login credentials. From members signing up at gyms using Gymsync: name, email, phone, date of birth, optional health/emergency contact info, transactions, class bookings.

How we use it

• Operate the Service: schedule classes, process payments, deliver member apps
• Communicate with you about your account, billing, and product updates
• Aggregate, anonymous analytics for product improvement
• Comply with legal obligations

Platform administrators may access account data for support and operational purposes. All access is logged and disclosed to gym owners via /dashboard/account/admin-access-log. We do not access member-level data (individual member chats, profile details, payment cards) except in the course of resolving a specific support ticket where required.

Who we share with

Sub-processors: Stripe (payments), Supabase (database + auth), Vercel (hosting), Resend (email), Anthropic (Friday AI Assistant). We do not sell your data to advertisers.

Friday AI usage

When staff use Friday, prompt + response text is sent to Anthropic. We log queries in ai_usage_log for cost tracking + audit purposes; this log is only visible to your gym's owner and admins. Member PII is not auto-injected into prompts.

Cookies

We use first-party session cookies for authentication. We do not use third-party tracking cookies.

Your rights

You can request export, correction, or deletion of your data anytime via privacy@gymsync.co. We respond within 30 days.

Retention

Account data is retained while your subscription is active and for 90 days after cancellation, after which it is permanently deleted unless legally required to retain longer.

Contact

privacy@gymsync.co · C.Green Holdings LLC.