Privacy Policy

Last Updated: 6 October 2025

1. Introduction

This Privacy Policy explains how Paladin AI Limited trading as GymBee ("GymBee", "we", "us", or "our") collects, uses, discloses, and protects information about you when you visit our website at gymbee.ai ("Website") or use our platform at app.gymbee.ai ("Platform" or "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy should be read alongside our Terms and Conditions.

Our Details:

• Legal Entity: Paladin AI Limited trading as GymBee

• Registered Address: 20 Wenlock Road, N1 7GU, London

• Contact Email: help@gymbee.ai

• Website: gymbee.ai

For the purposes of UK data protection legislation, we are the data controller responsible for your personal data.

2. Information We Collect

2.1 Information You Provide to Us

Website Contact Forms and Enquiries:

• Name

• Email address

• Company name

• Phone number

• Message content

Account Registration (Platform):

• Name

• Email address

• Company/organisation name

• Job title

• Phone number

• Password (stored in encrypted form)

• Billing address

• Payment information (processed by our third-party payment provider)

Customer Data (Platform): When you use the Platform, you may upload, store, or process various types of data related to your gym operations, including but not limited to:

• Employee and staff information

• Training records

• Incident reports

• Equipment maintenance records

• Risk assessments

• Policy documents

• Supplier information

• Audit records

You are the data controller for any personal data you process through the Platform. We act as a data processor in relation to this Customer Data.

2.2 Information We Collect Automatically

Technical Information:

• IP address

• Browser type and version

• Operating system

• Referring website

• Pages visited and time spent on pages

• Device information

• Location data (country/city level based on IP address)

Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy for detailed information about the cookies we use.

Platform Usage Data: When you use the Platform, we automatically collect:

• Log-in times and frequency

• Features accessed and used

• Actions performed

• Error logs and diagnostic data

• Performance metrics

2.3 Information from Third Parties

We may receive information about you from:

• Payment processors (transaction confirmations)

• Analytics providers

• Marketing platforms

• Public sources (e.g., Companies House for business verification)

3. How We Use Your Information

3.1 Legal Bases for Processing

We process your personal data on the following legal bases:

Contract Performance: To provide the Service to you and fulfil our contractual obligations.

Legitimate Interests: To operate, improve, and promote our business, provided this does not override your rights and interests.

Legal Obligation: To comply with legal and regulatory requirements.

Consent: Where you have given explicit consent for specific processing activities.

3.2 Purposes of Processing

We use your information for the following purposes:

Service Delivery:

• Creating and managing your account

• Providing access to the Platform

• Processing payments and transactions

• Providing customer support

• Communicating with you about the Service

• Sending service-related notifications and updates

Business Operations:

• Improving and developing the Platform

• Conducting analytics and research

• Monitoring and analysing usage patterns

• Troubleshooting technical issues

• Ensuring security and preventing fraud

• Maintaining backups and disaster recovery

Marketing (with your consent):

• Sending promotional emails about new features, products, or services

• Providing information about events, webinars, or training

• Conducting surveys and requesting feedback

You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.

Legal Compliance:

• Complying with legal obligations and regulatory requirements

• Responding to legal processes and requests from authorities

• Enforcing our Terms and Conditions

• Protecting our rights and interests

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers

We engage third-party service providers to help us operate our business and deliver the Service, including:

• Cloud hosting providers

• Payment processors

• Email service providers

• Analytics providers

• Customer support tools

• Marketing platforms

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, law enforcement requests).

4.4 Protection of Rights

We may disclose information to protect and defend our rights, property, or safety, or that of our users or the public, as required or permitted by law.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. International Data Transfers

Our servers and service providers may be located outside the United Kingdom. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office

• Adequacy decisions recognising equivalent data protection standards

• Other legally recognised transfer mechanisms

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

Technical Measures:

• Encryption of data in transit (SSL/TLS)

• Encryption of data at rest

• Secure authentication and access controls

• Regular security testing and monitoring

• Firewall protection

• Intrusion detection systems

Organisational Measures:

• Staff training on data protection

• Access controls and need-to-know principles

• Confidentiality agreements

• Regular security audits

• Incident response procedures

However, no method of transmission over the internet or electronic storage is completely secure. Whilst we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Account Information: Retained for the duration of your account and for 30 days after account closure, unless you request earlier deletion or we have a legal obligation to retain it longer.

Customer Data: Retained in accordance with your instructions and our Terms of Service. Upon account termination, Customer Data is retained for 30 days to allow for account reactivation or data export, after which it is permanently deleted.

Marketing Data: Retained until you withdraw consent or request deletion, or for up to 3 years from your last interaction with us.

Financial Records: Retained for at least 6 years to comply with tax and accounting requirements.

Legal Claims: Data may be retained longer if necessary for the establishment, exercise, or defence of legal claims.

8. Your Rights

Under UK data protection law, you have the following rights:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

8.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

8.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly. Contact details:

• Website: ico.org.uk

• Telephone: 0303 123 1113

• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

8.9 Exercising Your Rights

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within one month, though this may be extended by up to two months for complex requests.

We may need to verify your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorised persons.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our Website and Platform. For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

10.1 Essential Cookies

These cookies are necessary for the Website and Platform to function properly and cannot be disabled.

10.2 Analytics Cookies

These cookies help us understand how visitors interact with our Website and Platform, allowing us to improve user experience.

10.3 Marketing Cookies

These cookies are used to track visitors across websites to display relevant advertisements.

You can control cookie settings through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

11. Third-Party Links

Our Website and Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our Website

• Updating the "Last Updated" date at the top of this policy

• Sending you an email notification (for Platform users)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Data Processing Agreement

If you are a Platform customer, a Data Processing Agreement (DPA) governs our processing of Customer Data on your behalf. The DPA incorporates the UK International Data Transfer Addendum and Standard Contractual Clauses where applicable. You may request a copy of our DPA by contacting us.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: help@gymbee.ai
Address: 20 Wenlock Road, N1 7GU, London
Website: gymbee.ai

By using our Website or Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.