— Security
Member data, treated like it matters.
Gyms hold personal, health, and payment data. We protect it with the same standards we'd demand of any platform we trusted with our own.
Encryption everywhere
Data encrypted in transit (TLS 1.3) and at rest (AES-256). No exceptions.
Row-level isolation
Every gym's data is isolated at the database layer. One tenant can never see another's.
Audit logging
Sensitive actions are logged with retention controls and exportable trails.
Resilient infrastructure
Hosted on hardened cloud infrastructure with automated backups and failover.
Practices baked in
- —Multi-factor authentication for admin accounts
- —Role-based access control across every module
- —Daily encrypted backups with point-in-time recovery
- —Marketing consent and GDPR-aligned data handling
- —Regular dependency scanning and security review
- —Least-privilege service accounts and secrets rotation
Report a vulnerability: security@gymapp.io