Privacy Policy

This Privacy Policy describes how VectorWay Technologies (OPC) Private Limited ("Company", "we", "us", or "our"), operating under the brand name ManageYourGym, collects, uses, stores, shares, and protects your personal information when you access or use our website at manageyourgym.com, our web application, mobile applications, APIs, and any related services (collectively, the "Platform").

By accessing or using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Platform.

1. Information We Collect

1.1 Information You Provide Directly

• Account & Registration Data: Name, email address, phone number, business name, gym name, address, and password when you create an account.
• Gym Member Data: Names, contact details, membership plan details, attendance records, payment histories, health or fitness notes, photographs, and emergency contact information of gym members that you (as a gym owner/admin) enter into the Platform.
• Trainer Data: Trainer names, qualifications, schedules, contact information, and assignment records.
• Payment & Billing Information: Subscription plan details, invoices, transaction IDs, and payment method information. We do not directly store your full credit/debit card numbers; payment processing is handled by third-party payment gateways.
• Communications: Messages you send to us via the contact form, email, support tickets, or any other communication channel.

1.2 Information Collected Automatically

• Device & Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, and navigation paths within the Platform.
• Cookies & Similar Technologies: We use cookies, local storage, and similar tracking technologies to maintain sessions, remember preferences, and analyze usage. See Section 8 (Cookies) for more details.
• Log Data: Server access logs including timestamps, request methods, response codes, and error logs for debugging and security purposes.

1.3 Information from Third Parties

• Payment confirmation and transaction status from payment gateway providers.
• Analytics data from third-party analytics services (e.g., Google Analytics).

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the Platform, including member management, attendance tracking, payment processing, trainer management, reporting, and analytics features.
• Account Management: To create and manage your account, authenticate your identity, and process subscription billing.
• Communication: To send you transactional emails (e.g., account verification, password resets, payment receipts), service updates, security alerts, and support responses.
• Analytics & Improvement: To understand how users interact with our Platform, identify trends, measure feature effectiveness, and improve user experience.
• Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Marketing (with consent): To send promotional materials about new features, offers, or services, only where you have opted in to receive such communications.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contractual Necessity: Processing necessary for the performance of our contract with you (i.e., providing the Platform services you signed up for).
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Platform, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
• Consent: Where you have given explicit consent, such as for marketing communications or non-essential cookies.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: We share data with trusted third-party vendors who assist us in operating the Platform, including cloud hosting providers, payment gateways, email delivery services, and analytics providers. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Gym Owner Access: If you are a gym member whose data has been entered into the Platform by a gym owner/admin, that gym owner/admin and their authorized staff will have access to your data within the Platform for the purpose of managing gym operations.
• Legal Requirements: We may disclose your data if required by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal data.
• Aggregated/Anonymized Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you, for industry analysis, benchmarking, and research purposes.

5. Data Storage and Security

5.1 Storage

Your data is stored on secure servers provided by reputable cloud infrastructure providers. Data may be stored and processed in India and other jurisdictions where our service providers maintain facilities. By using the Platform, you consent to the transfer of your data to these locations.

5.2 Security Measures

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of sensitive data at rest.
• Secure password hashing using bcrypt.
• Role-based access controls and multi-tenant data isolation ensuring each gym's data is segregated.
• Regular security assessments and vulnerability monitoring.
• Rate limiting and throttling to prevent abuse.
• JWT-based authentication with secure token handling.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained for the duration of your active account. Upon account deletion request, we will delete or anonymize your data within 90 days, except where retention is required for legal or regulatory purposes.
• Gym Member Data: Retained as long as the associated gym account is active. Gym owners are responsible for managing the retention and deletion of their members' data within the Platform.
• Transaction Records: Retained for a minimum of 7 years to comply with financial and tax regulations in India.
• Log Data: Server and access logs are retained for up to 12 months for security and debugging purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Right to Restriction: Request restriction of processing of your personal data in certain circumstances.
• Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing of your personal data for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at privacy@manageyourgym.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

You can control cookies through your browser settings. Disabling essential cookies may impact the functionality of the Platform. Most modern browsers allow you to block or delete cookies — refer to your browser's help documentation for instructions.

9. Third-Party Services

The Platform may integrate with or contain links to third-party services. These third-party services have their own privacy policies and we are not responsible for their practices. Third-party services we may use include:

• Cloud Hosting: For server infrastructure and data storage.
• Payment Gateways: For processing subscription payments securely.
• Email Services: For sending transactional and marketing emails.
• Analytics Providers: For website usage analytics and performance monitoring.

We encourage you to review the privacy policies of any third-party service before providing your information to them.

10. Data Processing for Gym Owners (Data Controller & Processor Relationship)

When gym owners use the Platform to manage their gym members' data:

• The gym owner acts as the Data Controller and is responsible for obtaining appropriate consent from their gym members for data collection and processing.
• VectorWay Technologies (OPC) Private Limited acts as a Data Processor, processing gym member data on behalf of the gym owner as per the service agreement.
• Gym owners are responsible for ensuring they have a lawful basis for collecting and processing their members' data and for responding to their members' data rights requests.
• We provide tools within the Platform for gym owners to manage, export, and delete member data to help them fulfill their obligations.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If a gym owner enters data of a minor gym member, the gym owner is responsible for obtaining the necessary parental or guardian consent. If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete that information.

12. International Data Transfers

Your data may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we take appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Policy and applicable law, including using standard contractual clauses or other approved transfer mechanisms where required.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or through a notice on the Platform. We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the name and contact details of the Grievance Officer are provided below:

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: