Privacy Policy

We collect information you provide directly when you create a GymOS account, configure your gym, or contact support. This includes: • Account information: name, email address, phone number, and password. • Gym data: branch details, membership plans, member records, attendance logs, payment records, and any content you upload to the platform. • Member data: information about your gym's members that you enter into GymOS — including names, contact details, and membership history. You are the data controller for this information. • Usage data: pages visited, features used, session duration, and error logs collected automatically to improve the platform. • Payment information: billing details processed securely by our payment processor. GymOS does not store full card numbers.

We use the information we collect to: • Provide, operate, and maintain the GymOS platform. • Process transactions and send related notices (invoices, renewal reminders). • Respond to support requests and troubleshoot issues. • Send product updates, security alerts, and administrative messages. • Analyze usage patterns to improve features and fix bugs. • Comply with legal obligations. We do not sell your data or your gym members' data to third parties.

GymOS stores all data in encrypted PostgreSQL databases hosted on infrastructure with industry-standard physical and network security controls. Data in transit is protected by TLS 1.2+. We use Cloudflare for DDoS protection and edge caching. We retain your gym data for the duration of your active subscription and for 30 days after account termination, after which it is permanently deleted. You may request earlier deletion by contacting support.

GymOS uses the following third-party services to operate the platform: • Cloudflare R2: file and media storage (member photos, documents). • SMTP provider: transactional email delivery (invoices, reminders). • Payment processor: subscription billing for GymOS platform fees. Each service operates under its own privacy policy. We share only the minimum data necessary for each service to function.

Depending on your location, you may have the right to: • Access the personal data we hold about you. • Correct inaccurate data. • Request deletion of your data ("right to be forgotten"). • Export your data in a machine-readable format. • Object to or restrict certain processing activities. To exercise any of these rights, contact us at octspace.com@gmail.com. We will respond within 30 days.

GymOS uses strictly necessary cookies to maintain your login session and prevent cross-site request forgery. We do not use advertising or tracking cookies. For details see our Cookie Policy.

GymOS is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child's information has been submitted to the platform, contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice in the dashboard at least 14 days before the changes take effect. Your continued use of GymOS after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, contact us at: octspace.com@gmail.com