
Privacy Policy

Last updated: April 2026 · Version 1.0

1. Who We Are

GymAxis AI ("we", "our", "us") operates the GymAxis AI platform and the Pulse Fitness Self-Service Portal. We are the data controller for the personal data processed through our services.

2. Data We Collect

We collect and process the following personal data:

  • Account data: Name, email address, company name, role
  • Equipment data: Serial numbers, locations, fault reports, maintenance records
  • Usage data: Login times, feature usage, IP addresses
  • Uploaded content: Invoice PDFs, spec sheets, fault photos/videos
  • Communication data: Support messages, fault descriptions

3. Legal Basis for Processing

We process your data under the following legal bases (GDPR Art. 6):

  • Contract performance: To provide the gym maintenance platform services you have subscribed to
  • Legitimate interest: To improve our services, ensure security, and prevent fraud
  • Consent: For marketing communications and optional AI-powered features
  • Legal obligation: To maintain audit trails and comply with regulations

4. How We Use Your Data

  • Provide and maintain the equipment management platform
  • Process fault reports and generate AI-powered triage assessments
  • Generate ERP-compatible CSV exports for your finance systems
  • Match spec sheets to equipment using AI analysis
  • Send service notifications and maintenance reminders
  • Maintain security audit trails

5. Data Sharing

We do not sell your personal data. We share data only with:

  • AI providers: Equipment descriptions and fault text are sent to OpenAI for triage analysis (no personal identifiers included)
  • Cloud storage: Uploaded files are stored securely in cloud storage
  • Payment processors: Stripe processes payment data under its own privacy policy

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of all data we hold about you (available in Settings > Privacy)
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format (JSON)
  • Restriction: Request we limit processing of your data
  • Object: Object to processing based on legitimate interest

To exercise these rights, use the self-service options in your account settings or contact us at privacy@gymaxisai.com.

7. Data Retention

  • Account data is retained while your account is active
  • After account deletion, personal data is anonymised within 30 days
  • Audit logs are retained for 12 months, then archived
  • Password reset tokens are purged after 24 hours
  • Uploaded files are retained for the duration of your subscription

8. Security

We implement industry-standard security measures including:

  • Bcrypt password hashing
  • JWT token authentication with 24-hour expiry
  • Rate limiting and brute-force protection
  • Security headers (HSTS, CSP, X-Frame-Options)
  • Input sanitisation to prevent XSS attacks
  • HTTPS encryption in transit

9. Cookies

We use only essential cookies required for authentication (JWT token stored in localStorage). We do not use tracking cookies or third-party analytics cookies.

10. Contact

For privacy-related enquiries, contact our Data Protection Officer at privacy@gymaxisai.com.
