Policies, plainly written.
Privacy Policy
Last updated 1 June 2026
GymFlow helps gyms run their business. To do that we process information about gym owners, their staff, and their members. This policy explains what we collect, why, and the choices you have.
What we collect
- Account data — names, emails, phone numbers and roles for the people who use GymFlow.
- Membership data — plans, check-ins, bookings and attendance that a gym records about its members.
- Payment data — handled by our payments partner. We store references and status, never full card numbers.
- Usage data — basic logs that keep the service reliable and secure.
How we use it
To provide the service, process subscriptions, send reminders the gym has configured, and improve GymFlow. We do not sell personal data, ever.
Each gym is the data controller for its members. GymFlow processes that data on the gym's behalf, under our agreement with them.
Your choices
Members can request a copy of their data or ask their gym to delete it. Gym owners can export or erase their workspace at any time from Settings.
Terms of Service
Last updated 1 June 2026
These terms govern your use of GymFlow. By creating a workspace you agree to them on behalf of your business.
Your account
You're responsible for keeping your login secure and for everything done under your account. Tell us right away if you suspect unauthorised access.
Subscriptions & billing
- Plans are billed monthly in Naira and renew automatically until cancelled.
- You can change or cancel a plan at any time; changes take effect at the next cycle.
- Fees already paid are non-refundable except where required by law.
Acceptable use
Don't misuse the service — no unlawful activity, no attempts to break our security, no reselling without permission. We may suspend workspaces that put the platform or other customers at risk.
Liability Waiver
Sample template · gyms should adapt with their own counsel
Many gyms ask members to accept a liability waiver before training. GymFlow can present this digitally at sign-up and store the acceptance. This is a sample template only.
Assumption of risk
The member acknowledges that physical exercise carries inherent risks, including injury, and chooses to participate voluntarily and at their own risk.
Health declaration
The member confirms they are in suitable health to exercise and will stop and seek help if they feel unwell. They will disclose relevant conditions to gym staff.
Release
To the extent permitted by law, the member releases the gym and its staff from liability for injury arising from ordinary use of the facilities, except in cases of gross negligence.
Security
Last updated 1 June 2026
Security is the product. Gym owners trust us with their members' data and their revenue, and we take that seriously.
How we protect data
- Isolation — every gym's data is separated with row-level security, so one workspace can never see another's.
- Encryption — data is encrypted in transit (TLS) and at rest.
- Payments — card details are tokenised by our PCI-DSS compliant payments partner; we never see raw card numbers.
- Access — staff access is role-based and logged in an immutable audit trail.
Reporting a vulnerability
Found something? Email security@gymflow.ng and we'll respond quickly. We're grateful to researchers who disclose responsibly.