Privacy Policy

    GymPoint Overview

    • Gym Management Platform: GymPoint
    • Operated by: ZeroPoint LLC
    • Website: https://gympoint.ai
    • Effective Date: March 27, 2026
    • Last Updated: June 24, 2026

    1. Introduction

    ZeroPoint LLC ("Company," "we," "us," or "our") operates the GymPoint gym management platform, accessible at gympoint.ai and through related web and mobile applications (collectively, the "Service").

    This Privacy Policy explains how information is collected, used, shared, and protected in connection with your use of the Service.

    Who this policy applies to: gym operators, staff members, adult members, and the parent or legal guardian of a minor member enrolled through a gym using GymPoint.

    Acceptance: By accessing or using the Service, you acknowledge you have read and agree to the practices described in this policy.

    2. Scope

    This Privacy Policy covers information collected through the GymPoint web application, mobile applications, embeddable widgets and check-in kiosks operated by gyms using GymPoint, and communications between you and ZeroPoint LLC.

    3. Information We Collect

    3.1 Personal Identification Information

    GymPoint collects information that identifies or can reasonably identify you, including:

    • Full name
    • Email address
    • Phone number
    • Mailing/billing address
    • Date of birth
    • Profile photos (if provided)

    3.2 Health & Fitness Information

    Because GymPoint is a gym management platform, GymPoint may collect and store health and fitness-related data entered by gym operators, staff, and members, including fitness goals, workout history, class attendance, body composition data, and emergency medical contact information.

    Important note: GymPoint stores this information on behalf of the gym operator. The gym operator is responsible for obtaining appropriate consent from their members before entering health-related data into the platform.

    3.3 Minor Member Information

    For members under age 18, GymPoint collects the minor's name, date of birth, enrollment details, parent/guardian information, and participation records. GymPoint does not knowingly collect personal information directly from minors; all minor member data must be provided by a verified parent, legal guardian, or authorized gym operator acting with documented parental consent.

    3.4 Payment & Billing Information

    Payment processing is handled by PCI-compliant third-party payment processors. GymPoint does not store, process, or transmit raw cardholder data, including full card numbers, CVV codes, or magnetic stripe data. All payment transactions are tokenized and processed outside of GymPoint's infrastructure.

    3.5 Account & Usage Data

    GymPoint collects login credentials (passwords are hashed and never stored in plaintext), IP address, browser type, device information, session activity, feature usage, and access logs.

    3.6 GymPoint Terminal App (Card-Present Payments)

    GymPoint offers the GymPoint Terminal, a companion application that runs on Poynt smart payment terminals to accept card-present payments and enroll member payment cards at the front desk. The Terminal app is a companion to a gym's existing GymPoint subscription and is provided at no additional charge.

    The Terminal app does not read, store, log, or transmit raw cardholder data. When a card is presented, the card is captured and the transaction is processed entirely by the Poynt payment terminal and its underlying payment processor. The Terminal app receives only the non-sensitive result of a transaction — such as an approval status, a transaction reference, the last four digits of the card, the card brand, and a reusable payment token. Full card numbers, CVV codes, PINs, magnetic-stripe data, and EMV chip data are never accessible to, or handled by, the Terminal app.

    To carry out a requested action, the Terminal app receives from the GymPoint platform only the information needed to complete it — for example, the member identifier and the amount to charge. Communication between the Terminal app and the GymPoint platform occurs over encrypted connections (TLS 1.2 or higher) with certificate pinning.

    The Terminal app uses a third-party crash-reporting service (Sentry) to capture technical diagnostics that help us fix defects. These reports contain only technical information (such as the error, app version, and an anonymous device identifier). They do not include personal member information, payment card data, screenshots, or screen contents.

    4. How We Use Your Information

    • Provide and operate the Service
    • Support gym operators in managing members, staff, and programs
    • Communicate transactional emails, billing notifications, and support responses
    • Improve the platform and identify bugs
    • Ensure security and detect fraud
    • Comply with legal obligations

    Important: GymPoint does not sell personal information to third parties and does not use member health or fitness data for advertising purposes.

    5. How We Share Your Information

    5.1 With Gym Operators

    If you are a gym member, your information is accessible to the gym operator and authorized staff. GymPoint acts as a data processor on behalf of the gym operator, which is the data controller.

    5.2 With Service Providers

    GymPoint engages trusted third-party vendors including cloud infrastructure providers, payment processors, email platforms, and analytics services. Vendors are contractually obligated to protect your information.

    5.3 For Legal Compliance

    GymPoint may disclose information if required by law, court order, or governmental authority, or if necessary to protect rights, property, or public safety.

    5.4 Business Transfers

    In case of merger, acquisition, or sale of assets, user information may be transferred. GymPoint will notify affected users prior to any transfer.

    6. Data Retention

    GymPoint retains personal data as long as necessary to provide the Service and fulfill stated purposes. When a gym operator terminates their subscription, member data is retained for 90 days then permanently deleted, unless a different period is required by law.

    Users may request earlier deletion by contacting privacy@gympoint.ai.

    7. Data Security

    GymPoint implements industry-standard security measures including encrypted data transmission, hashed password storage, role-based access controls, regular security audits, and isolated production environments. However, no method of transmission is 100% secure.

    8. Children's Privacy

    Minor member profiles may only be created by a parent, legal guardian, or authorized gym operator with documented parental consent. GymPoint does not knowingly allow minors under 13 to create their own accounts. Parents/guardians may request access, correction, or deletion of their child's data.

    9. Your Rights & Choices

    Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or port your personal information. Contact privacy@gympoint.ai to exercise these rights. GymPoint will respond to verifiable requests within 30 days.

    10. Cookies & Tracking Technologies

    GymPoint uses cookies to maintain sessions, remember preferences, and analyze usage. You may control cookie settings through your browser. GymPoint does not use third-party advertising cookies or behavioral tracking for ad targeting.

    11. Third-Party Links

    The Service may contain links to third-party websites. GymPoint is not responsible for their privacy practices. We encourage you to review their privacy policies.

    12. Changes to This Policy

    GymPoint may update this Privacy Policy. Material changes will be communicated via email or a prominent platform notice at least 14 days before taking effect. Continued use constitutes acceptance.

    13. SMS / Text Messaging

    GymPoint, a gym-management platform operated by ZeroPoint LLC, sends account and billing text messages to gym owners and staff who provide their mobile number and opt in during account signup or in their account settings. Message types include billing reminders, payment confirmations, failed-payment alerts, and account or service notifications.

    Member messaging by gyms on GymPoint. Fitness businesses that use GymPoint (each a "Club" — for example, a boxing gym, martial-arts school, or fitness studio) may send text messages to their own members through the platform, and this Privacy Policy applies to those messages. Members opt in either online — by actively checking an unchecked-by-default SMS consent checkbox next to the mobile-number field on the Club's booking or membership signup form — or in person at the Club. Member messages are transactional and relationship messages only: class and booking confirmations, schedule reminders, payment receipts, and account notifications.

    • Consent is not a condition of purchase or membership. By providing your mobile number and checking the SMS consent box, you agree to receive automated text messages from GymPoint or your Club, as applicable.
    • Message frequency varies based on your account or membership activity.
    • Message and data rates may apply.
    • Reply STOP to any message to unsubscribe at any time; reply HELP for help.
    • Mobile opt-in information and SMS consent are not sold or shared with third parties or affiliates for marketing or promotional purposes. This applies to both GymPoint and every Club using the platform. See also our Mobile Messaging Terms.

    14. Contact Us

    ZeroPoint LLC

    Privacy & Data Inquiries

    Email: privacy@gympoint.ai

    Website: https://gympoint.ai

    This Privacy Policy was last updated on June 24, 2026.