Privacy Policy

Last updated: June 22, 2026

Gym Ledger ("we", "our", or "us") is a gym membership management application. This Privacy Policy explains what information the app collects, how it is used, where it is stored, who processes it on our behalf, and the choices you have. It is intended to be a complete and honest inventory of the app's data behaviour.

1. Information We Collect

We collect the following categories of information:

a) Account Information (via Google Sign-In)

• Name
• Email address
• Google profile identifier and profile photo URL

b) Gym Profile Information (provided by you)

• Gym name, contact phone number, address
• Optional gym logo image
• UPI ID, GSTIN, and other billing details if you choose to enter them

c) Member Data (entered by you about your gym members)

• Member names, phone numbers, email addresses, optional profile photos
• Subscription plans, durations, amounts, start and end dates
• Payment history and records
• Attendance records and notes added by the gym owner

d) Technical and Diagnostic Data (collected automatically)

• Device model, operating system name, OS version
• App name, app version, and build number
• Push notification device token
• Crash stack traces, breadcrumbs, and non-fatal error reports (via Firebase Crashlytics)
• Performance traces for key flows such as app startup and payment verification (via Firebase Performance Monitoring)
• Device-integrity attestation results from Google Play Integrity API (via Firebase App Check)

e) Product Analytics Events (collected automatically, via Firebase Analytics)

The app logs the following named events together with limited, non-sensitive parameters such as plan type, member count milestones, payment method, or feature name:

• app_open, onboarding_complete
• member_added, member_count_milestone, member_renewed
• payment_recorded, coupon_applied
• feature_used, whatsapp_sent, report_viewed
• upgrade_screen_viewed, upgrade_started, upgrade_completed, upgrade_cancelled
• bug_report_submitted

A single user property is_premium (true or false) is also set so that we can distinguish trial and paid usage in aggregate analytics. Analytics events do not contain member names, phone numbers, or other personal data of your gym members.

f) Payment Data (when you subscribe to Gym Ledger Pro)

• The Razorpay checkout receives your email, phone, name, and the subscription amount (currently ₹3,999 per year) so that it can render the payment sheet.
• After Razorpay returns a successful payment, the resulting Razorpay payment ID, order ID, and signature are stored against your account in Cloud Firestore for verification and refund support.
• We do not see, store, or transmit your card number, UPI PIN, bank credentials, or one-time passwords. Those remain entirely within Razorpay's PCI-DSS compliant flow.

g) Member Photos and Gym Logos

If you upload a member profile photo or a gym logo, the image is stored in Firebase Storage under your account's owner ID (paths member_photos/{ownerId}/ and gym_logos/{ownerId}/). Each owner's images are isolated by Storage security rules so that only that account and the staff members linked to it can read them.

h) Bug Reports and Optional Attachments

If you open Settings → "Report a Bug" and submit a report, the app uploads the following:

• The text description you typed (up to 1,000 characters)
• Any attachments you chose to add: screenshots or photos (up to 5 MB each), short video clips (up to 20 MB each), or voice-note recordings (up to 5 MB each)
• Your account email, app version, build number, and device OS information

The attachments are uploaded to Firebase Storage under bug_reports/{your-user-id}/ and a record is written to Cloud Firestore. A copy of the description, device info, and links to the attachments is also written into the mail/ collection, which the Firebase Trigger Email extension uses to forward the report to our support inbox.

2. How We Use Your Information

We do not use any of the data above for advertising, profiling, or sale. We do not run advertising SDKs in the app.

3. Data Storage and Security

Your data is processed and stored on Google Firebase (Google LLC), which provides:

• Encryption in transit (HTTPS / TLS) for all network traffic between the app and the server
• Encryption at rest for data stored in Cloud Firestore and Firebase Storage
• Secure authentication via Google Sign-In
• Data centres compliant with industry security standards (ISO 27001, SOC 2, and others published by Google)

Image, video, and audio attachments are stored in Firebase Storage and isolated per account by security rules so that one account cannot read another account's media. Razorpay handles its own card and bank data inside its PCI-DSS environment; we never receive that information.

The App requires an active internet connection to use. When connectivity is lost, the App displays a "No internet connection" screen and pauses until you reconnect. The Cloud Firestore SDK caches your account profile and recent reads locally on the device to keep navigation responsive once you are signed in; this cache is not encrypted separately from Firestore's SDK implementation. App preferences (locale, theme, notification settings) are stored locally using Hive.

Important: If you delete your account, uninstall the App, or clear local storage, all locally cached data on your device is removed. Maintain an active internet connection while using the App.

4. Data Retention

• Active accounts: Data is retained as long as your account is active.
• Deleted accounts: When you delete your account, your Firebase Authentication credentials, all Gym Ledger server-side account data (gym profile, member records, payments, attendance, leads, trainers, plans, expenses, staff links, bug reports), all media in Firebase Storage, and all local data on your device are permanently erased. We keep a minimal UID-keyed deletion tombstone for a short period only to block already-issued sign-in tokens; scheduled cleanup removes it after that safety window. Gym, member, payment, media, bug-report, and orphaned account content is not recoverable. (Razorpay independently retains its own transaction records as described under Payment records below.)
• Local data: All locally cached data (account profile, preferences) is cleared when you delete your account or uninstall the app.
• Bug-report attachments: Bug-report attachments (images, videos, voice notes) are permanently deleted when you delete your account. For active accounts, we also aim to delete them within 90 days of submission; you may request immediate deletion at any time by emailing the address above.
• Bug-report forwarding records: Entries in the mail collection used by the Firebase Trigger Email extension are tagged with your account ID and are permanently deleted when you delete your account (and otherwise after the extension finishes delivery and its cleanup cycle). The original report document in bug_reports/ is deleted with your account.
• Crash, analytics, performance, and App Check data: Retained according to the default retention settings of each Firebase service. We do not extend these defaults. We do not link these records to individual gym members.
• Payment records: Gym Ledger permanently deletes its own copies of your payment and order records when you delete your account. Razorpay independently retains its transaction records inside its own systems as required by law and its policies; that data is controlled by Razorpay, not Gym Ledger, and is covered by the Razorpay Privacy Policy.

5. Third-Party Services and Processors

The app uses the following processors. Each one receives only the data needed for its purpose:

Firebase services are operated by Google LLC. Their use of your data is governed by Firebase Privacy and Security and Google's Privacy Policy. Razorpay's handling of payment data is governed by the Razorpay Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties. There are no advertising, attribution, or fingerprinting SDKs in the app.

6. Your Rights

Under India's Digital Personal Data Protection Act (DPDP) 2023 and other applicable laws, you have the right to:

• Access your personal data stored in the app
• Correct inaccurate information via the app's settings
• Delete your account from Settings at any time — this permanently erases your account and all associated data, with no separate request needed
• Withdraw consent by deleting your account or contacting us
• Request a copy of your data in a portable form by contacting us

7. Third-Party Personal Data

As a gym owner, you enter personal data of your gym members into the app. By doing so, you confirm that:

• You have obtained appropriate consent from your gym members to store and process their personal information
• You are responsible for informing your members about how their data is being used
• You will comply with applicable data-protection laws regarding your members' data
• You will review screenshots, videos, and voice notes before sending them in a bug report, and remove or blur member personal information when it is not needed to reproduce the issue

8. Children's Privacy

Gym Ledger is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete that information.

9. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users within 72 hours as required by applicable law, and take immediate steps to mitigate the breach.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes (new processors, new data categories, new retention windows) will be reflected on this page along with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: admin@gymledger.pro