Go Grow Connect Logo

Privacy Policy

Last updated: 1st March 2026

1. Introduction

Go Grow Connect LTD ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Go Grow Connect fitness business management platform ("Service").

We are registered in England and Wales (Company Number: 16696746) and act as both a data controller and data processor depending on the context of data processing.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, business details
  • Profile Information: Personal details, preferences, profile pictures
  • Health Information: PAR-Q forms and health screening data (for club members)
  • Payment Information: Billing details processed securely through Stripe. We store Stripe subscription IDs, customer IDs, subscription status, billing period dates, and the last 4 digits of your payment method for reference. We do not store full card numbers, CVVs, or other sensitive payment credentials — these are held solely by Stripe.
  • Communication Data: Messages, support requests, feedback
  • Zoom Integration Data (if enabled): Zoom account identifiers, host email, OAuth token metadata, meeting IDs, and class session join links required to create and manage Zoom-enabled sessions
  • Content: Data uploaded to the platform, class bookings, membership details

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, features used, time spent
  • Device Information: Browser type, operating system, device identifiers
  • Location Data: Approximate location based on IP address (city/country level only)
  • QR Code Scans: Entry/exit times at fitness facilities (for access control)

2.3 Analytics Information

We use Vercel Analytics, a privacy-friendly analytics service that:

  • Does not use cookies or track personal identifiers
  • Uses anonymized request hashing instead of IP address tracking
  • Cannot track users across different websites
  • Automatically discards data after 24 hours
  • Collects only aggregated, statistical information about page views
  • Does not store or process personal data

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

  • Creating and managing your account
  • Processing payments and subscriptions
  • Enabling class bookings and facility access
  • Facilitating communication between clubs and members
  • Creating, updating, and removing Zoom meetings for Zoom-enabled class sessions
  • Generating QR codes for facility access
  • Providing customer support

3.2 Communication

  • Sending service-related notifications
  • Responding to inquiries and support requests
  • Delivering newsletters and marketing communications (with consent)
  • Sending security alerts and important updates

3.3 Service Improvement

  • Analyzing usage patterns to improve our Service
  • Developing new features and functionality
  • Ensuring security and preventing fraud
  • Troubleshooting technical issues

4. Legal Bases for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
  • Legitimate Interests: Service improvement, security, fraud prevention, and analytics
  • Consent: Marketing communications and optional features (withdrawable at any time)
  • Legal Obligations: Compliance with financial, tax, and regulatory requirements
  • Vital Interests: Emergency situations involving health and safety

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with trusted third-party service providers:

  • Stripe: Payment processing (PCI DSS compliant). Stripe collects identifying information about the devices that connect to its services, including device type, operating system, and identifying device tokens. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. Stripe also collects personal data including via cookies and similar technologies, and may collect your name, email address, and payment method information (such as card number, card brand, and expiration date) when processing a payment. For more details, please see Stripe's Privacy Policy.
  • Amazon Web Services (AWS): Hosting, email delivery, and data storage
  • Vercel: Website hosting and privacy-friendly analytics
  • Zoom: Virtual class session integrations. When enabled by an Organisation, we share class session metadata (for example topic and start/end time) to create and manage meetings and store returned meeting identifiers and join URLs. For more details, see Zoom's Privacy Statement.

5.2 Club Partners

When you join a club through our platform, we share relevant information with that club to provide membership services. The club acts as a data controller for this information.

5.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, safety, or the rights of others.

5.4 No Data Sales

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

5.5 Payment Processing and Stripe Connect

We use Stripe Connect to facilitate payments between Organisation Customers and Organisations. Each Organisation maintains its own Stripe Connected Account. When you make a payment to an Organisation through our Platform:

  • Data shared with Stripe: We share your email address, internal user identifiers, and transaction metadata with Stripe to process payments.
  • Stripe as sub-processor: Stripe acts as a sub-processor for payment processing, fraud detection, and loss prevention.
  • Organisation access: Organisations can view transaction data relating to their customers through their Stripe dashboard.
  • Application fees: We collect an application fee percentage from each transaction processed through Connected Accounts, as agreed with the Organisation.
  • Payment methods: All customer payments are processed by card only. Stripe is PCI DSS compliant and handles all card data securely.
  • Data we store from Stripe: We store Stripe subscription IDs, customer IDs, subscription status, billing period dates, and the last 4 digits of your payment method. We do not store full card numbers or CVVs.

Organisation (platform) subscription payments are processed directly through Stripe and are not routed via Stripe Connect.

6. Data Security

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments
  • Secure Infrastructure: AWS and Vercel's enterprise-grade security
  • Data Minimization: We collect only necessary information
  • Staff Training: Regular privacy and security training for our team

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

7. Data Retention

We retain personal data only as long as necessary:

  • Account Data: Until account deletion plus 30 days for backup recovery
  • Payment Records: 7 years for tax and accounting purposes
  • Health Data: As required by healthcare regulations or until consent withdrawal
  • Analytics Data: 24 hours (automatically deleted by Vercel Analytics)
  • Communication Records: 3 years for customer service purposes
  • Zoom Integration Data: Retained while the integration is active and for a limited period after disconnection where needed for security, audit, and operational integrity
  • Legal Hold: Extended retention when required by legal proceedings

After retention periods expire, we securely delete or anonymize personal data.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right of Rectification: Request correction of inaccurate data
  • Right of Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Remove consent for consent-based processing

To exercise these rights, please contact us at info@gogrowconnect.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

9. International Data Transfers

Your data may be processed outside the UK/EEA by our service providers (AWS, Stripe, Zoom). These transfers are protected by:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Service providers' compliance with international privacy frameworks
  • Additional safeguards and encryption measures

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we discover we have collected such information, we will delete it immediately.

For club memberships involving minors, parental consent and participation are required as determined by individual club policies.

11. Cookies and Tracking

Our Service uses minimal cookies and tracking:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings (theme, language)
  • No Marketing Tracking Cookies: We do not use third-party marketing or advertising tracking cookies
  • Third-Party Payment Cookies: Stripe may set cookies and use similar technologies on our payment pages for fraud detection, authentication, and analytics purposes. See Stripe's Privacy Policy for details.
  • Analytics: Vercel Analytics operates without cookies

You can control cookies through your browser settings, though disabling essential cookies may affect Service functionality.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

  • Post the updated policy on our website with a new "Last updated" date
  • Notify you by email for material changes
  • Provide notice through our Service interface
  • Maintain previous versions for reference

Continued use of our Service after updates constitutes acceptance of the revised Privacy Policy.

13. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Contact

Go Grow Connect LTD

Email: info@gogrowconnect.com

Subject: Privacy Policy Inquiry

Company Registration: 16696746

You can also contact us through our contact form for privacy-related inquiries.

14. Regulatory Information

Information Commissioner's Office (ICO)
If you have concerns about our data handling that we cannot resolve, you can contact the UK data protection authority:

Website: ico.org.uk

Phone: 0303 123 1113

Online: ico.org.uk/make-a-complaint

15. Mobile App Data Practices

This section provides additional information about data practices specific to our mobile application, as required by app store policies.

15.1 Data We Collect

  • Personal Information: Name, email address, phone number, address, and date of birth
  • Health Information: PAR-Q health screening questionnaire responses
  • Financial Information: Stripe payment/transaction IDs only (we do not store card details - all payment processing is handled securely by Stripe)
  • Location Data: Approximate location based on IP address (city/country level only)
  • App Activity: Class bookings, facility check-ins/visits, and feature usage
  • Device Information: Device identifiers, push notification tokens, and browser/operating system information

15.2 Data Sharing

Your data is shared only with parties necessary to provide our services:

  • Your Club/Organisation: When you sign up to a club, that specific club's administrators can view your membership data. Other clubs on our platform cannot access your information.
  • Third-Party Services: Stripe (payment processing via Stripe Connect — see Section 5.5 for details), AWS (hosting and email delivery), Vercel (website hosting), and Zoom (virtual class integration when enabled by your organisation)
  • No Data Sales: We do not sell your personal data to third parties

15.3 Data Security

  • All data is encrypted in transit using TLS/HTTPS
  • Data is encrypted at rest on our servers

15.4 Account Creation

  • Accounts are created using email address and password
  • Optional two-factor authentication (2FA) is available for enhanced security

15.5 Account and Data Deletion

To request deletion of your account and associated data:

  • Contact us via our contact page to request account deletion
  • Your data will be deleted within 90 days of your deletion request being processed
  • Certain records (such as payment transaction history) may be retained for up to 7 years as required for legal and tax purposes

This Privacy Policy is effective as of the date last updated above and applies to all users of the Go Grow Connect platform and website.