GoGrowConnect Logo

Privacy Policy

Last updated: 28 September 2025

1. Introduction

Go Grow Connect LTD ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Connected fitness business management platform ("Service").

We are registered in England and Wales (Company Number: 16696746) and act as both a data controller and data processor depending on the context of data processing.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, business details
  • Profile Information: Personal details, preferences, profile pictures
  • Health Information: PAR-Q forms and health screening data (for gym members)
  • Payment Information: Billing details (processed securely through Stripe)
  • Communication Data: Messages, support requests, feedback
  • Content: Data uploaded to the platform, class bookings, membership details

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, features used, time spent
  • Device Information: Browser type, operating system, device identifiers
  • Location Data: Approximate location based on IP address (city/country level only)
  • QR Code Scans: Entry/exit times at fitness facilities (for access control)

2.3 Analytics Information

We use Vercel Analytics, a privacy-friendly analytics service that:

  • Does not use cookies or track personal identifiers
  • Uses anonymized request hashing instead of IP address tracking
  • Cannot track users across different websites
  • Automatically discards data after 24 hours
  • Collects only aggregated, statistical information about page views
  • Does not store or process personal data

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

  • Creating and managing your account
  • Processing payments and subscriptions
  • Enabling class bookings and facility access
  • Facilitating communication between gyms and members
  • Generating QR codes for facility access
  • Providing customer support

3.2 Communication

  • Sending service-related notifications
  • Responding to inquiries and support requests
  • Delivering newsletters and marketing communications (with consent)
  • Sending security alerts and important updates

3.3 Service Improvement

  • Analyzing usage patterns to improve our Service
  • Developing new features and functionality
  • Ensuring security and preventing fraud
  • Troubleshooting technical issues

4. Legal Bases for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
  • Legitimate Interests: Service improvement, security, fraud prevention, and analytics
  • Consent: Marketing communications and optional features (withdrawable at any time)
  • Legal Obligations: Compliance with financial, tax, and regulatory requirements
  • Vital Interests: Emergency situations involving health and safety

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with trusted third-party service providers:

  • Stripe: Payment processing (PCI DSS compliant)
  • Amazon Web Services (AWS): Hosting, email delivery, and data storage
  • Vercel: Website hosting and privacy-friendly analytics

5.2 Gym Partners

When you join a gym through our platform, we share relevant information with that gym to provide membership services. The gym acts as a data controller for this information.

5.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, safety, or the rights of others.

5.4 No Data Sales

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

6. Data Security

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments
  • Secure Infrastructure: AWS and Vercel's enterprise-grade security
  • Data Minimization: We collect only necessary information
  • Staff Training: Regular privacy and security training for our team

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

7. Data Retention

We retain personal data only as long as necessary:

  • Account Data: Until account deletion plus 30 days for backup recovery
  • Payment Records: 7 years for tax and accounting purposes
  • Health Data: As required by healthcare regulations or until consent withdrawal
  • Analytics Data: 24 hours (automatically deleted by Vercel Analytics)
  • Communication Records: 3 years for customer service purposes
  • Legal Hold: Extended retention when required by legal proceedings

After retention periods expire, we securely delete or anonymize personal data.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right of Rectification: Request correction of inaccurate data
  • Right of Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Remove consent for consent-based processing

To exercise these rights, please contact us at info@gogrowconnect.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

9. International Data Transfers

Your data may be processed outside the UK/EEA by our service providers (AWS, Stripe). These transfers are protected by:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Service providers' compliance with international privacy frameworks
  • Additional safeguards and encryption measures

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we discover we have collected such information, we will delete it immediately.

For gym memberships involving minors, parental consent and participation are required as determined by individual gym policies.

11. Cookies and Tracking

Our Service uses minimal cookies and tracking:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings (theme, language)
  • No Tracking Cookies: We do not use third-party tracking cookies
  • Analytics: Vercel Analytics operates without cookies

You can control cookies through your browser settings, though disabling essential cookies may affect Service functionality.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

  • Post the updated policy on our website with a new "Last updated" date
  • Notify you by email for material changes
  • Provide notice through our Service interface
  • Maintain previous versions for reference

Continued use of our Service after updates constitutes acceptance of the revised Privacy Policy.

13. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Contact

Go Grow Connect LTD

Email: info@gogrowconnect.com

Subject: Privacy Policy Inquiry

Company Registration: 16696746

You can also contact us through our contact form for privacy-related inquiries.

14. Regulatory Information

Information Commissioner's Office (ICO)
If you have concerns about our data handling that we cannot resolve, you can contact the UK data protection authority:

Website: ico.org.uk

Phone: 0303 123 1113

Online: ico.org.uk/make-a-complaint

This Privacy Policy is effective as of the date last updated above and applies to all users of the Connected platform and website.