PayGym Privacy Policy

Last Updated: 10:00AM, 27th June, 2025

1. Introduction

Welcome to PayGym Solutions Intl Limited (“PayGym”, “we”, “us”, “our”). We are committed to safeguarding your privacy and handling your personal and business information in a lawful, transparent, and secure manner.

This Privacy Policy explains:
• What information we collect from you
• How and why we collect it
• How we store and process it
• Your rights and choices
• The legal basis for using your data
• How to contact us with any questions or concerns

This Policy applies to:
• Users registering on PayGym to access gym locations
• Gym Service Providers who partner with us
• Anyone interacting with the PayGym mobile app, website, or services
By accessing or using our services, you confirm that you have read and understood this Policy and agree to the practices described.

2. Definitions

User: An individual who registers on PayGym to access fitness centers listed on our platform.

Gym Service Provider: A registered gym, wellness club, or fitness center using PayGym to offer services to Users.

Personal Data: Any information that can identify an individual (e.g., name, email, phone number, ID).

Business Data: Information related to Gym Service Providers that does not directly identify a person (e.g., RC number, business address).

Platform: All web, mobile, and API-based systems operated by PayGym.

Processing: Any action performed on data, such as collecting, storing, using, or disclosing.

Services: All features, tools, and offerings provided by PayGym, including check-in functionality, payments, analytics, and account management.

3. Our Privacy Principles

At PayGym, we are guided by the following principles:

Transparency: We clearly explain how we use your data.

Security: We implement rigorous safeguards to protect your information.

Purpose Limitation: We only collect and use data necessary for delivering and improving our Services.

Compliance: We adhere to applicable data protection laws, including Nigeria Data Protection Act (NDPA) and GDPR-equivalent standards.

User Empowerment: We honor your rights and provide tools to manage your data.

4. The Data We Collect

A. From Users
Full name
• Email address
• Date of birth
• Gender
• Residential address
• Phone number
• Profile photo (optional)
• Location data (check-in verification only)
• Device data (IP address, app version, crash logs)
B. From Gym Service Providers
• Registered business name
• Corporate Affairs Commission (CAC) RC number
• Business address and gym hours
• Bank account details (for payouts)
• Facilities offered
• Director/Manager contact details
• KYB documents (e.g., business certificate, ID if required)
C. Payments
• PayGym does not store card data
• Payments are securely processed by Flutterwave.
• Tokenized billing data (for recurring payments) is encrypted
D. Logs & Operational Data
• IP addresses and device info
• Platform access logs
• Check-in timestamps (pseudonymized)
• Chat support interactions
E. Media Access
• Users may grant camera access for QR check-in or uploading images.

5. How We Collect Your Data

We obtain data when you:
• Register or create an account
• Use our mobile or web platform
• Check in at a gym
• Update your profile or gym listing
• Contact us for support
• Consent to marketing or newsletter subscriptions
• Provide documentation during KYB or dispute resolution
• Interact with platform analytics or cookies
We may also collect data indirectly from:
• Payment partners (e.g., Flutterwave)
• Identity verification and fraud prevention providers
• Analytics and cloud service vendors
• Public regulatory databases

6. Legal Basis for Processing

We process your data based on the following lawful grounds:

Contractual Necessity: To deliver services, manage your account, and facilitate gym payouts.

Legal Obligation: For regulatory compliance (AML/CFT, KYB/KYC).

Legitimate Interest: For fraud prevention, system optimization, and analytics

Consent: For optional features (e.g., marketing, photo uploads).

7. How We Use Your Data

We use the information we collect to:
• Create, verify, and manage User and Gym accounts
• Facilitate secure payments and manage gym payouts
• Authenticate check-ins and validate user activity
• Send transaction receipts, service emails, or alerts
• Resolve support queries and handle disputes
• Analyze platform usage (anonymized or pseudonymized)
• Improve service quality and add new features
• Comply with financial, legal, and regulatory obligations
• Detect and prevent fraudulent or unauthorized access

8. Your Data Protection Rights

Subject to applicable data protection laws, you have the following rights:
• Access - Request a copy of your Personal Data
• Rectification - Request corrections to inaccurate data
• Erasure - Request deletion of data under certain conditions
• Restriction - Request limits on processing
• Objection - Object to processing or marketing
• Portability - Transfer your data to another service
• Withdraw Consent - Withdraw previously given consent
• Automated Decision Objection - Object to decisions made solely by algorithms
To exercise these rights, contact: hello@paygymapp.com
We may request ID verification before fulfilling your request.

9. Sharing Your Data

We do not sell your Personal Data.
We share it only as necessary:
• With payment processors (e.g., Flutterwave)
• With cloud infrastructure providers (e.g., AWS, under DPA agreements)
• With legal authorities where required by law
• With Gym Service Providers (only anonymized check-in data — no PII)
• With service providers assisting in operations, fraud prevention, or analytics
• During a merger/acquisition, with involved entities under confidentiality

10. Data Security & Retention

We protect your data using:
• SSL/TLS for secure transmission
• AES-256 encryption at rest
• Two-factor authentication (2FA) for admin accounts
• Access control and audit logs
• Routine penetration testing and staff training
During a merger/acquisition,
• While your account is active
• Up to 24 months after account deactivation (for audit, legal, or fraud concerns)
• Anonymized data may be retained longer for research or analytics
• Legal and AML records retained for 5 years (minimum), if required

11. International Data Transfers

Some of our service providers or servers may reside outside Nigeria. When data is transferred internationally, we ensure that:
• It is protected by contracts with standard contractual clauses (SCCs)
• Adequate legal safeguards are in place
• Transfers comply with NDPR, GDPR-equivalent standards

12. Cookies & Tracking Technologies

We use cookies and related technologies to:
• Enable platform functionality
• Track app performance
• Personalize content and measure marketing effectiveness
You can manage your cookie preferences via your browser or in-app settings.

13. Marketing Communications

We may send you updates, offers, or promotions if you have opted in. You can opt out anytime via your account settings or “unsubscribe” links.

Note: Transactional and service-related emails will still be sent.

14. Children’s Data

PayGym is not intended for individuals under the age of 18. We do not knowingly collect or process data from children. If you believe a minor has provided data, please contact us immediately.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in:
• Law or regulations
• Our services or practices
Changes will be communicated via:
• Email
• Mobile app notices
• Dashboard alerts
Continued use of the platform after changes indicates acceptance

16. DEFINITIONS (Expanded Glossary)

• NDPR - Nigeria Data Protection Regulation
• KYB - Know Your Business
• KYC - Know Your Customer
• AML - Anti-Money Laundering
• DPA - Data Processing Agreement
• Tokenization - Replacement of sensitive data with secure non-sensitive equivalents
• SCC - Standard Contractual Clauses (for cross-border transfers)
• PII - Personally Identifiable Information
• DPO - Data Protection Officer

17. Contact Us

PayGym Solutions Intl Ltd

Email : hello@paygymapp.com