Privacy Policy

How AccessFit 24/7 collects, uses, and protects your personal information.

Effective Date: 1 January 2025

AccessFit 24/7 (“we”, “our”, “us”) operates a platform that connects gym members with fitness facilities through digital access control, membership management, and online payments. This Privacy Policy explains what data we collect, why we collect it, and how we keep it safe.

Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, and profile picture. Authentication is managed securely through Clerk, a third-party identity provider. We do not store passwords directly.

Payment Information

All payment processing is handled by Stripe. We never store your full credit card number, CVV, or banking details on our servers. Stripe is PCI DSS Level 1 compliant — the highest level of payment security certification.

Access & Activity Data

When you unlock a gym door, we record the time, location, and door accessed. This data is used for security auditing, occupancy tracking, and ensuring only authorised members can enter. Access control is powered by Airfob.

Device & Technical Data

We collect device tokens for push notifications (via Firebase Cloud Messaging), browser type, IP address for rate limiting and security, and basic usage analytics to improve the platform.

How We Use Your Information

Provide gym access, membership management, and class booking services
Process membership payments and send receipts via Stripe
Send important account notifications, booking confirmations, and safety alerts
Maintain security through access logging and anomaly detection
Improve the platform based on anonymised usage patterns

Data Sharing & Third Parties

We do not sell your personal information. We share data only with trusted service providers who are necessary to operate the platform:

StripePayment processing and gym owner payouts via Stripe Connect

AirfobDoor access control and smart lock management

ClerkAuthentication, session management, and identity verification

ResendTransactional email delivery (receipts, notifications, alerts)

Data Storage & Security

Your data is stored in a PostgreSQL database hosted in Australia (Sydney region). File uploads such as gym banners and safety videos are stored on Cloudflare R2 with restricted access. All data is transmitted over HTTPS with TLS encryption. We implement rate limiting, input validation, and role-based access controls to prevent unauthorised access.

Your Rights

You have the right to access, correct, or delete your personal data at any time. You can update your profile information directly through the app, or contact us at info@accessfit247.com to request a full data export or account deletion. We respond to all privacy requests within 30 days.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, personal data is removed within 30 days. Anonymised analytics and access audit logs may be retained longer for security and compliance purposes. Payment records are retained as required by Australian tax law.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact

For privacy inquiries, data requests, or concerns, contact us at info@accessfit247.com. AccessFit 24/7 is operated from Sydney, NSW, Australia.