Privacy Policy

YoClub (“YoClub”, “we”, “us”, “our”) is a gym & fitness business management platform operated by Ebizsuit Solution. We are committed to protecting your privacy and handling personal data responsibly. By using the YoClub website, mobile applications, or services (collectively, the “Services”), you agree to this Policy.

1. Who we are

YoClub is operated by Ebizsuit Solution (“Data Fiduciary” under the DPDP Act). We provide software that lets gyms, fitness studios, and similar businesses (our “Customers”) manage members, attendance, billing, payments, leads, and communications. This Policy applies to the personal data we process as a Data Fiduciary, and describes our practices when we process data on behalf of our Customers.

2. Scope & your role

• Account holders (our Customers): gym owners and staff who create and use a YoClub account. We are the Data Fiduciary for this data.
• Members & leads: individuals whose details are entered into YoClub by our Customers. For this data, the Customer is the Data Fiduciary and YoClub acts as a Data Processor on the Customer's instructions.
• Website visitors: people who browse our website or enquire about the Services.

3. Information we collect

a) Information you provide

• Account & profile: name, business name, mobile number, email, password, address, designation.
• Member & lead data (entered by Customers): name, contact number, email, date of birth, gender, address, emergency contact, photo, enrollment/membership details, health/fitness preferences, attendance, and notes.
• Payment & billing data: transaction amounts, payment mode, invoice details, GSTIN, due amounts, and similar financial records. Card/UPI details are processed by our payment partners — we do not store full card numbers.
• Support & communications: messages, enquiries, and feedback you send us.

b) Information collected automatically

• Device & usage data: device model, OS, app version, IP address, log data, and feature usage.
• Push notification tokens: a device token (via Firebase Cloud Messaging on Android / Apple Push Notification service on iOS) used only to deliver in-app/business notifications such as payment alerts.
• Cookies & similar technologies on our website (see Section 11).

Some of the above (e.g. financial information, health-related notes, passwords) may constitute Sensitive Personal Data or Information (SPDI) under the IT Rules, 2011 and is handled with additional care.

4. How we use information

• To provide, operate, and maintain the Services (member management, attendance, billing, payments, CRM, reporting).
• To send service-related and business notifications (e.g. payment received, renewals, alerts) you or our Customers have enabled.
• To send transactional SMS/WhatsApp/email messages on behalf of our Customers.
• To authenticate users, secure accounts, and prevent fraud or misuse.
• To provide customer support and respond to requests.
• To improve, analyse, and develop the Services.
• To comply with legal, tax, accounting, and regulatory obligations.

We do not sell your personal data.

5. Consent & legal basis

We process personal data based on your consent and/or for legitimate uses permitted under the DPDP Act — including to provide a service you have requested, to fulfil our contract with you, and to meet legal obligations. Where we rely on consent, it is free, specific, informed, and unambiguous, and you may withdraw it at any time (see Section 9). Our Customers are responsible for obtaining the necessary consent from their members and leads before entering their data into YoClub.

6. Sharing & third parties

We share personal data only as needed to run the Services, and with appropriate safeguards:

• Service providers / processors: cloud hosting, database, push-notification (Google Firebase, Apple, Expo), SMS/WhatsApp gateways, email, and payment processors — strictly to perform services for us.
• Within your business: data is visible to the Customer (gym) and its authorised staff.
• Legal & safety: where required by law, court order, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, or asset sale, subject to this Policy.

We do not disclose your data to third parties for their own marketing without your consent.

7. Data retention

We retain personal data for as long as your account is active or as needed to provide the Services, and thereafter only as required to comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer required, we delete or anonymise it. Customers may request deletion of member data as described in Section 9.

8. Data security

We implement reasonable security practices and procedures in line with the IT Rules, 2011, including encryption of data in transit (HTTPS/TLS), access controls, authentication, and regular safeguards against unauthorised access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; we continually work to protect your data and will notify affected persons and the Data Protection Board as required by law in the event of a reportable personal-data breach.

9. Your rights

Subject to applicable law, you (as a Data Principal) have the right to:

• Access a summary of the personal data we process about you.
• Correction & updating of inaccurate or incomplete data.
• Erasure of your personal data, where applicable.
• Withdraw consent at any time (this will not affect prior lawful processing).
• Grievance redressal — to raise complaints with our Grievance Officer (Section 14).
• Nominate another person to exercise your rights in the event of death or incapacity.

To exercise these rights, contact us using the details in Section 14. If your data was entered by a gym (our Customer), please also contact that gym, as they control that data; we will assist them in fulfilling your request. We will respond within the timelines prescribed by law.

10. Children's data

The Services are intended for businesses and adults. We do not knowingly collect personal data of children (under 18) without verifiable parental/guardian consent. Where a Customer records a minor's details, the Customer is responsible for obtaining lawful consent from the parent or lawful guardian. If you believe a child's data has been provided without proper consent, contact us and we will take appropriate action.

11. Cookies & tracking

Our website uses cookies and similar technologies for essential functionality, preferences, and basic analytics. You can control cookies through your browser settings; disabling some cookies may affect site functionality. Our mobile apps do not use advertising cookies.

12. Data location & transfers

Your data is primarily stored and processed in India. Some of our service providers (e.g. push-notification and infrastructure providers) may process limited data outside India. Where data is transferred outside India, we do so only to the extent permitted under the DPDP Act and with appropriate safeguards.

13. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or the law. We will post the revised Policy here with a new “Last updated” date and, where appropriate, notify you. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

14. Grievance Officer & contact

In accordance with the DPDP Act, 2023 and Rule 5(9) of the IT Rules, 2011, you may contact our Grievance Officer for any questions, requests, or complaints regarding your personal data or this Policy: