Privacy Policy

This Privacy Policy (“Policy”) describes the policies and procedures on the collection, use, disclosure, and protection of your information when you use the Gym Codex website or mobile application (collectively, the “Gym Codex Platform”) operated by Gym Codex (“Gym Codex,” “Company,” “we,” “us,” or “our”).

The terms “you” and “your” refer to gym owners and authorized staff users of the Gym Codex Platform. The term “Services” refers to any services provided by Gym Codex through the Platform.

By accessing or using any part of the Platform, you agree to be bound by the terms of this Policy and our Terms of Use.

1. Your Consent

By using the Gym Codex Platform and our Services, you consent to the collection, use, storage, transfer, disclosure, and sharing of your information as described in this Policy. If you do not agree with this Policy, please do not use the Platform.

2. Policy Changes

We may update this Policy from time to time. If significant changes are made, we will notify you via notices on the Platform or through your registered contact information. Your continued use of the Services after such changes will constitute your acceptance of the revised Policy.

3. Information We Collect

• Gym and Business Details: Includes gym name, address, contact number, and registration documents.
• Staff and Admin User Information: Includes name, phone number, email address, role (e.g., admin, trainer), and login credentials. Only gym owners and authorized staff have user accounts and access the Gym Codex Platform.
• Member and Lead Information (Entered by Gyms):
  • Members: Name, gender, age, phone number, email address (if provided), membership details, visit history, and body composition data (such as height, weight, body fat percentage, BMI, BMR).
  • Leads: Name, phone number, email address, inquiry details, and follow-up records.

  This information is collected and entered into the platform by authorized gym staff. Gyms are solely responsible for obtaining appropriate consent from members and leads before entering their data into the Gym Codex Platform. Gym Codex may send receipts and body composition reports to members via email or similar channels, as submitted by the respective gym.

• Device and Session Information: We collect device-related data such as browser type, device type, IP address, operating system, and local storage tokens for session management when accessed by authorized users.

4. Uses of Your Information

We use the information we collect to:

• Register gyms and manage staff/admin accounts.
• Enable gym staff to manage member records, leads, and body composition data.
• Generate and send receipts and reports to members.
• Provide reporting, analytics, and tools for gyms.
• Improve and secure the Gym Codex Platform.
• Provide technical and customer support.
• Comply with legal and contractual obligations.

5. Session Management

Gym Codex does not use cookies, pixel tags, or similar tracking technologies.

We use a session token stored in local storage on the staff/admin user's device to manage login sessions and authentication. This token is only used to identify the authenticated user during their active session and is not shared with any third parties.

The session token does not have an automatic expiry. You can clear it at any time by logging out or clearing your browser storage.

6. Sharing of Information

Your data may be shared as follows:

• With Service Providers: We may share your data with third-party vendors who help us deliver the Services (e.g., cloud hosting, PDF generation, email delivery).
• With Gym Administrators: If you are a staff user, your information may be visible to the gym owner or admin.
• With Legal Authorities: We may disclose your data to law enforcement or regulatory bodies when legally required.
• With Research Institutions: We may share only aggregated and anonymized data with reputable research institutions for academic or statistical purposes, and only with appropriate safeguards in place.

7. Data Storage and Security

Your data is securely stored on cloud infrastructure (e.g., Amazon Web Services) using industry-standard encryption and access controls. We implement:

• Encryption of data in transit and at rest
• Access restrictions based on user roles
• Secure authentication with session tokens
• Routine security monitoring and backups

Data may be hosted on servers located outside India. Our hosting providers comply with relevant data protection and security standards.

8. Opt-Out and Data Deletion

• For Staff/Admin Users: You may opt out of receiving promotional messages or request deletion of your account by contacting: help@gymcodex.com. We will process such requests within 5 business days unless we are legally required to retain the data.
• For Members and Leads: Members and leads do not hold user accounts on the Gym Codex Platform. Their data is maintained by the gym staff. To access or update this information, please contact the respective gym. Gym Codex acts as a data processor on behalf of the gyms, who serve as the data controllers for member and lead data.

9. Data Hosting and International Transfers

Data collected via the Gym Codex Platform may be stored on servers operated by third-party providers (e.g., Amazon Web Services), which may be located outside of India. These providers implement robust security measures, which are outlined in their respective privacy policies.

For more details, visit: https://aws.amazon.com/privacy