GymLedger

Privacy Policy

Last updated: March 29, 2026

GymLedger ("we", "our", or "us") is a gym membership management application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.

1. Information We Collect

We collect the following categories of information:

a) Account Information (collected automatically via Google Sign-In)

Name
Email address
Google profile identifier

b) Gym Profile Information (provided by you)

Gym name
Contact phone number
Gym address

c) Member Data (entered by you about your gym members)

Member names, phone numbers, and email addresses
Subscription plans, amounts, and dates
Payment history and records
Notes added by the gym owner

d) Technical Data (collected automatically)

Device tokens for push notifications
App usage data for improving performance

2. How We Use Your Information

Data	Purpose
Account info	Authentication and account management
Gym profile	Personalising your experience
Member data	Subscription tracking, payment records, expiry notifications
Device tokens	Sending membership expiry reminders
Usage data	Improving app performance and features

3. Data Storage and Security

Your data is stored using Google Firebase (Cloud Firestore and Firebase Authentication), which provides:

Encryption in transit (HTTPS/TLS) and at rest
Secure authentication via Google Sign-In
Data centres compliant with industry security standards

The App uses Cloud Firestore's built-in offline persistence to cache data locally on your device. This allows limited functionality when offline. Locally cached data (including pending writes) is stored on your device and is not encrypted separately from Firestore's SDK implementation. App preferences and account settings are stored locally using Hive.

Important: Data entered while offline is queued locally and synchronised to our servers when connectivity is restored. If the App is uninstalled, the device is factory reset, or local storage is cleared before synchronisation completes, pending data may be permanently lost. We recommend maintaining an active internet connection while using the App for critical operations.

4. Data Retention

We retain your data as follows:

Active accounts: Data is retained as long as your account is active.
Deleted accounts: When you delete your account, your Firebase authentication credentials are permanently removed and all local data is cleared from your device. Server-side data (gym profile, member records, payments, attendance) is retained in an orphaned state for analytics and service improvement purposes. This data is no longer linked to any active account and cannot be accessed or recovered. If you wish to have your server-side data permanently deleted, you may request full data deletion by contacting us at dev.gymledger@gmail.com.
Local data: All data stored on your device, including any pending offline writes, is cleared when you delete your account or uninstall the app. Unsynced offline data cannot be recovered.

5. Third-Party Services

We use the following third-party services to operate the app:

Firebase Authentication — for secure sign-in via Google
Cloud Firestore — for cloud data storage
Firebase Cloud Messaging — for push notifications

These services are operated by Google LLC. Their use of your data is governed by Google's Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties.

6. Your Rights

Under India's Digital Personal Data Protection Act (DPDPA) 2023 and applicable laws, you have the right to:

Access your personal data stored in the app
Correct inaccurate information via the app's settings
Delete your account and authentication data at any time from Settings. You may also request full server-side data deletion by emailing us
Withdraw consent by deleting your account or contacting us

7. Third-Party Personal Data

As a gym owner, you enter personal data of your gym members into the app. By doing so, you confirm that:

You have obtained appropriate consent from your gym members to store and process their personal information
You are responsible for informing your members about how their data is being used
You will comply with applicable data protection laws regarding your members' data

8. Children's Privacy

GymLedger is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

9. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users within 72 hours as required by applicable law, and take immediate steps to mitigate the breach.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: dev.gymledger@gmail.com