Questions about your data? Email alltimefitnessofficial@gmail.com
All Time Fitness
Join Now
YOUR DATA
[ Legal ]

User Data Policy

Last updated: 1 January 2024  ·  Effective for all ATF app users & members

Table of Contents
01What User Data We Collect
02ATF App Data
03How Data Is Stored
04Legal Basis & Compliance
05Third-Party Sharing
06Data Retention & Deletion
07Your Rights & Requests
This User Data Policy describes in detail the categories of data All Time Fitness ("ATF") collects from members, app users, and website visitors; how that data is processed; and how long it is retained. This policy supplements our Privacy Policy.
01 What User Data We Collect
Category
Examples
Purpose
Identity
Name, DOB, gender, photo
Membership management
Contact
Phone, email, address
Communication, billing
Fitness
Goals, measurements, workout logs
Personalised training
Financial
Transaction history, plan type
Payments, accounting
Biometric*
Fingerprint / face ID (if enrolled)
Secure access control
Device
IP, device model, OS, app version
App performance & security
Usage
Pages visited, features used, session length
Product improvement

* Biometric data is collected only with explicit written consent and is stored locally on the access-control hardware — not on ATF's central servers.

02 ATF App Data

When you use the All Time Fitness mobile app, we additionally collect:

  • Check-in History: Date, time, and branch of each gym visit.
  • Class Bookings: Classes booked, attended, and cancelled.
  • Personal Training Records: Sessions booked with specific trainers, session notes (shared with your trainer).
  • Workout Logs: Exercises, sets, reps, and weights you log within the app.
  • Notifications: Push notification preferences and click-through data.
  • Location (optional): Used only to show your nearest branch on a map. Never tracked in the background.
  • Camera / Photos (optional): Used only when you explicitly upload a profile picture. Not accessed otherwise.
03 How Data Is Stored
  • All member data is stored on encrypted cloud servers located within India, compliant with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
  • Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access to member data is restricted to authorised ATF staff on a need-to-know basis, enforced through role-based access controls and audit logs.
  • We conduct regular data security reviews and penetration tests.
  • Backups are taken daily and stored in a separate encrypted environment for disaster recovery purposes.
04 Legal Basis & Compliance

ATF processes your data under the following legal bases:

  • Contract: Processing necessary to fulfil your membership agreement.
  • Consent: For marketing communications, biometric enrolment, and optional app features.
  • Legitimate Interest: For security, fraud prevention, and service improvement.
  • Legal Obligation: For accounting records, tax compliance, and responding to lawful government requests.

We comply with the Information Technology Act, 2000 and its associated rules. When the Digital Personal Data Protection Act, 2023 comes into full force, ATF's data practices will be updated to comply accordingly.

05 Third-Party Sharing

ATF may share user data with the following categories of third parties, subject to confidentiality agreements:

  • Payment Processors: Razorpay, PayU — for transaction processing only.
  • Communication Services: SMS/email providers for OTPs and transactional messages.
  • Analytics: Anonymised, aggregated data shared with analytics tools (e.g. Google Analytics). No personally identifiable information.
  • Franchise Operators: Limited member data shared with the franchisee of your home branch for operational management.
  • Government / Legal: When required by a court order or applicable law.

We do not sell, rent, or trade your personal data to advertisers or data brokers.

06 Data Retention & Deletion
  • Active Membership: Data retained for the duration of membership.
  • Post-cancellation: Data retained for 3 years for accounting and legal purposes, then securely deleted or anonymised.
  • Financial Records: Transaction data retained for 7 years per Indian tax law.
  • CCTV Footage: Retained for 30 days, then automatically overwritten unless required for an active security investigation.
  • App Usage Logs: Retained for 12 months, then aggregated and anonymised.
  • Biometric Data: Deleted immediately upon membership cancellation or member request.
07 Your Rights & Requests

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion ("Right to be Forgotten"): Request deletion of your data. We will comply within 30 days, subject to legal retention requirements.
  • Portability: Request your data in a machine-readable format (CSV/JSON).
  • Withdraw Consent: Withdraw consent for marketing or optional data processing at any time.
  • Object: Object to processing based on legitimate interest.

To submit a data request, email alltimefitnessofficial@gmail.com with subject line "Data Request — [Your Name]". Include your registered phone number for verification. We will respond within 30 days.

Privacy Policy → Payment Policy →