Privacy Policy
GymPoint Overview
- Gym Management Platform: GymPoint
- Operated by: ZeroPoint LLC
- Website: https://gympoint.ai
- Effective Date: March 27, 2026
- Last Updated: June 24, 2026
1. Introduction
ZeroPoint LLC ("Company," "we," "us," or "our") operates the GymPoint gym management platform, accessible at gympoint.ai and through related web and mobile applications (collectively, the "Service").
This Privacy Policy explains how information is collected, used, shared, and protected in connection with your use of the Service.
Who this policy applies to: gym operators, staff members, adult members, and the parent or legal guardian of a minor member enrolled through a gym using GymPoint.
Acceptance: By accessing or using the Service, you acknowledge you have read and agree to the practices described in this policy.
2. Scope
This Privacy Policy covers information collected through the GymPoint web application, mobile applications, embeddable widgets and check-in kiosks operated by gyms using GymPoint, and communications between you and ZeroPoint LLC.
3. Information We Collect
3.1 Personal Identification Information
GymPoint collects information that identifies or can reasonably identify you, including:
- Full name
- Email address
- Phone number
- Mailing/billing address
- Date of birth
- Profile photos (if provided)
3.2 Health & Fitness Information
Because GymPoint is a gym management platform, GymPoint may collect and store health and fitness-related data entered by gym operators, staff, and members, including fitness goals, workout history, class attendance, body composition data, and emergency medical contact information.
Important note: GymPoint stores this information on behalf of the gym operator. The gym operator is responsible for obtaining appropriate consent from their members before entering health-related data into the platform.
3.3 Minor Member Information
For members under age 18, GymPoint collects the minor's name, date of birth, enrollment details, parent/guardian information, and participation records. GymPoint does not knowingly collect personal information directly from minors; all minor member data must be provided by a verified parent, legal guardian, or authorized gym operator acting with documented parental consent.
3.4 Payment & Billing Information
Payment processing is handled by PCI-compliant third-party payment processors. GymPoint does not store, process, or transmit raw cardholder data, including full card numbers, CVV codes, or magnetic stripe data. All payment transactions are tokenized and processed outside of GymPoint's infrastructure.
3.5 Account & Usage Data
GymPoint collects login credentials (passwords are hashed and never stored in plaintext), IP address, browser type, device information, session activity, feature usage, and access logs.
3.6 GymPoint Terminal App (Card-Present Payments)
GymPoint offers the GymPoint Terminal, a companion application that runs on Poynt smart payment terminals to accept card-present payments and enroll member payment cards at the front desk. The Terminal app is a companion to a gym's existing GymPoint subscription and is provided at no additional charge.
The Terminal app does not read, store, log, or transmit raw cardholder data. When a card is presented, the card is captured and the transaction is processed entirely by the Poynt payment terminal and its underlying payment processor. The Terminal app receives only the non-sensitive result of a transaction — such as an approval status, a transaction reference, the last four digits of the card, the card brand, and a reusable payment token. Full card numbers, CVV codes, PINs, magnetic-stripe data, and EMV chip data are never accessible to, or handled by, the Terminal app.
To carry out a requested action, the Terminal app receives from the GymPoint platform only the information needed to complete it — for example, the member identifier and the amount to charge. Communication between the Terminal app and the GymPoint platform occurs over encrypted connections (TLS 1.2 or higher) with certificate pinning.
The Terminal app uses a third-party crash-reporting service (Sentry) to capture technical diagnostics that help us fix defects. These reports contain only technical information (such as the error, app version, and an anonymous device identifier). They do not include personal member information, payment card data, screenshots, or screen contents.
4. How We Use Your Information
- Provide and operate the Service
- Support gym operators in managing members, staff, and programs
- Communicate transactional emails, billing notifications, and support responses
- Improve the platform and identify bugs
- Ensure security and detect fraud
- Comply with legal obligations
Important: GymPoint does not sell personal information to third parties and does not use member health or fitness data for advertising purposes.
5. How We Share Your Information
5.1 With Gym Operators
If you are a gym member, your information is accessible to the gym operator and authorized staff. GymPoint acts as a data processor on behalf of the gym operator, which is the data controller.
5.2 With Service Providers
GymPoint engages trusted third-party vendors including cloud infrastructure providers, payment processors, email platforms, and analytics services. Vendors are contractually obligated to protect your information.
5.3 For Legal Compliance
GymPoint may disclose information if required by law, court order, or governmental authority, or if necessary to protect rights, property, or public safety.
5.4 Business Transfers
In case of merger, acquisition, or sale of assets, user information may be transferred. GymPoint will notify affected users prior to any transfer.
6. Data Retention
GymPoint retains personal data as long as necessary to provide the Service and fulfill stated purposes. When a gym operator terminates their subscription, member data is retained for 90 days then permanently deleted, unless a different period is required by law.
Users may request earlier deletion by contacting privacy@gympoint.ai.
7. Data Security
GymPoint implements industry-standard security measures including encrypted data transmission, hashed password storage, role-based access controls, regular security audits, and isolated production environments. However, no method of transmission is 100% secure.
8. Children's Privacy
Minor member profiles may only be created by a parent, legal guardian, or authorized gym operator with documented parental consent. GymPoint does not knowingly allow minors under 13 to create their own accounts. Parents/guardians may request access, correction, or deletion of their child's data.
9. Your Rights & Choices
Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or port your personal information. Contact privacy@gympoint.ai to exercise these rights. GymPoint will respond to verifiable requests within 30 days.
10. Cookies & Tracking Technologies
GymPoint uses cookies to maintain sessions, remember preferences, and analyze usage. You may control cookie settings through your browser. GymPoint does not use third-party advertising cookies or behavioral tracking for ad targeting.
11. Third-Party Links
The Service may contain links to third-party websites. GymPoint is not responsible for their privacy practices. We encourage you to review their privacy policies.
12. Changes to This Policy
GymPoint may update this Privacy Policy. Material changes will be communicated via email or a prominent platform notice at least 14 days before taking effect. Continued use constitutes acceptance.
13. SMS / Text Messaging
GymPoint, a gym-management platform operated by ZeroPoint LLC, sends account and billing text messages to gym owners and staff who provide their mobile number and opt in during account signup or in their account settings. Message types include billing reminders, payment confirmations, failed-payment alerts, and account or service notifications.
Member messaging by gyms on GymPoint. Fitness businesses that use GymPoint (each a "Club" — for example, a boxing gym, martial-arts school, or fitness studio) may send text messages to their own members through the platform, and this Privacy Policy applies to those messages. Members opt in either online — by actively checking an unchecked-by-default SMS consent checkbox next to the mobile-number field on the Club's booking or membership signup form — or in person at the Club. Member messages are transactional and relationship messages only: class and booking confirmations, schedule reminders, payment receipts, and account notifications.
- Consent is not a condition of purchase or membership. By providing your mobile number and checking the SMS consent box, you agree to receive automated text messages from GymPoint or your Club, as applicable.
- Message frequency varies based on your account or membership activity.
- Message and data rates may apply.
- Reply STOP to any message to unsubscribe at any time; reply HELP for help.
- Mobile opt-in information and SMS consent are not sold or shared with third parties or affiliates for marketing or promotional purposes. This applies to both GymPoint and every Club using the platform. See also our Mobile Messaging Terms.
14. Contact Us
ZeroPoint LLC
Privacy & Data Inquiries
Email: privacy@gympoint.ai
Website: https://gympoint.ai
This Privacy Policy was last updated on June 24, 2026.