Term and Condition - GymSaathi - India's best AI Powered Gym management company

Effective Date: November 08, 2025
Last Updated: November 08, 2025
Welcome to GymSaathi (“Company,” “we,” “us,” or “our”).
At GymSaathi, we deeply value your privacy and are committed to protecting the personal data you
share with us. This Privacy Policy outlines how we collect, use, store, and protect your personal and
sensitive information in compliance with applicable Indian data protection and cybersecurity laws,
including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and
related rules.
By accessing or using GymSaathi’s services – through our website, mobile application, or partner
platforms – you consent to the practices described in this Privacy Policy.

Our Commitment to Privacy
GymSaathi recognizes that your data – whether personal, fitness-related, or business-related – is valuable.
We adhere to the principles of:
• Lawful and fair processing of data
• Purpose limitation (collect only what’s necessary)
• Data minimization
• Accuracy and transparency
• Security and accountability
We never sell, rent, or trade your personal data.

Information We Collect
We collect information to provide, improve, and personalize your experience. The types of data we collect include:
a. Personal Information:
• Full name
• Date of birth
• Gender
• Contact details (email, phone number)
• Login credentials (if applicable)

b. Sensitive Personal Data or Information (SPDI):
As defined under the IT Rules, 2011, this may include:
• Health and fitness data (body metrics, workout stats, diet preferences)
• Biometric information (if applicable, for gym access or attendance)
• Payment information (credit/debit card, UPI, bank details, etc.)

c. Gym and Business Information:
For gym owners, trainers, or business partners using GymSaathi’s services:
• Gym name, registration details, GSTIN
• Business contact and address
• Subscription or membership data

d. Technical and Device Data:
• IP address
• Device type, operating system, browser information
• Location data (with user consent)
• Usage logs, app performance analytics, cookies

How We Use Your Data
We process your information only for legitimate, clearly defined purposes, such as:
• To create and manage user profiles
• To match users with nearby gyms, trainers, and fitness programs
• To process payments, subscriptions, and billing
• To improve our services, features, and user interface
• To send alerts, reminders, and promotional updates (only with consent)
• To ensure cybersecurity and prevent fraud or misuse
• To comply with applicable legal obligations and government directives

Legal Basis: Processing is based on your consent, contractual necessity, and legitimate business interest, as permitted under Indian law.

Data Storage and Security
We implement industry-standard technical and organizational measures to safeguard your data from unauthorized access, disclosure, or loss.
Our practices include:
• AES-256 encryption for data in transit and at rest
• Secure servers hosted in India (in compliance with localization norms)
• Two-factor authentication (2FA) for user accounts
• Periodic vulnerability assessments and penetration testing
• Access control and role-based data authorization
GymSaathi complies with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, following standards such as ISO/IEC 27001 for data protection.

Data Retention
We retain your personal data only for as long as necessary to:
• Fulfill the purposes for which it was collected,
• Comply with legal, regulatory, or contractual obligations, or
• Resolve disputes and enforce agreements.
Once data is no longer required, it will be securely deleted or anonymized as per industry best practices.

Data Sharing and Disclosure
We do not sell or lease your personal data. However, we may share limited data with:
a. Authorized Partners:
• Payment gateways, cloud storage providers, and analytics tools
• Fitness and gym partners (for membership verification and services)

b. Legal or Regulatory Authorities:
When required by law, court order, or government directive, in compliance with Indian legal obligations.

c. Service Providers:
Third-party vendors supporting GymSaathi in technology, marketing, or infrastructure – all bound by strict confidentiality agreements and data processing contracts.

User Rights Under Indian Law
In accordance with the Digital Personal Data Protection Act, 2023, you have the following rights:
• Right to Access: Know what data we hold and how it is used.
• Right to Correction: Request correction or updating of inaccurate data.
• Right to Erasure: Ask for deletion when data is no longer necessary.
• Right to Withdraw Consent: Opt out of non-essential data use or communications.
• Right to Data Portability: Request a copy of your data in a structured format.
• Right to Grievance Redressal: Lodge complaints with our Data Protection Officer (DPO) if issues arise.

To exercise these rights, contact our DPO at:
email@gymsaathi.com
+91 11 6926 8182
We will respond to all valid requests within 30 days, as required by law.

Cookies and Tracking
Our website and app use cookies, pixels, and analytics tools to enhance user experience and analyse performance.
• You can disable cookies via browser settings.
• We never track or profile users for unauthorized advertising purposes.

Cross-Border Data Transfers
GymSaathi primarily stores and processes all data within India.
In limited cases, if cross-border transfers are necessary (e.g., cloud backups or global service providers), we ensure:
• Transfers are made under adequate contractual safeguards.
• The destination country has comparable data protection standards.

Children’s Data
GymSaathi’s services are not intended for children under 18 years of age.
We do not knowingly collect or process data of minors without parental or guardian consent, in compliance with Section 9 of the DPDP Act, 2023.

Legal Compliance
This Privacy Policy is governed by:
• The Digital Personal Data Protection Act, 2023
• The Information Technology Act, 2000 and associated Rules
• The Indian Penal Code, 1860 (Cybersecurity and Fraud)
Any disputes shall be subject to the exclusive jurisdiction of the courts in Bareilly, India.

Grievance Redressal and Contact
We take user privacy seriously. For queries, complaints, or data-related concerns, contact our:

Data Protection Officer (DPO):
Name: Bharat Gangwar
Email: email@gymsaathi.com
Phone: +91 11 6926 8182
Address: GymSaathi Pvt. Ltd., GC1, Greater Noida, Uttar Pradesh(, (201009), India

If you are unsatisfied with our response, you may escalate your complaint to the Data Protection
Board of India, under the DPDP Act, 2023.

Updates to This Policy
GymSaathi may periodically update this Privacy Policy to reflect new legal, regulatory, or
technological developments. Any changes will be posted here with a revised “Effective Date.”
Continued use of our services after updates implies acceptance of the revised policy.

© GymSaathi.com | All Rights Reserved | BJS Wellness (OPC) Private Limited