Privacy Policy
Last updated: March 31, 2026
1. Introduction
Inkuity Inc. ("Inkuity", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our gym management platform ("Service"), including our website, member portal, and progressive web application.
2. Information We Collect
We collect the following categories of information:
a. Account and Profile Information
- Full name, email address, phone number, and password
- Google account information (if you sign in with Google)
- Gym details: gym name, address, city, state, zip code, phone, email, website, and logo
b. Member Data (Entered by Gym Owners)
- Member name, email, phone number, date of birth, and gender
- Membership tier, status (active, trial, expired, pending), and membership dates
- Check-in and check-out records with timestamps and duration
- Payment records (amount, date, method type, status)
- Referral relationships and status
- Blacklist status and reason (if applicable)
c. Health and Fitness Data
- Height, weight, and target weight
- Fitness goals (e.g., lose weight, gain muscle, maintain)
- Activity level
- Dietary preferences (vegetarian, non-vegetarian, vegan, eggetarian)
- Food allergies
- Cuisine preferences
- Workout routines, exercises, sets, reps, and weights
- Personal fitness records
- Custom tracker goals and daily logs
d. QR Code Scan Data (Automatically Collected)
- IP address
- Device type (mobile, tablet, desktop)
- Browser name and version
- Operating system
- User agent string
- Referrer URL
- UTM tracking parameters (source, medium, campaign)
- Timestamp of scan
e. Staff Data
- Staff name, phone number, email, and role
- Employment status and compensation details
f. Push Notification Data
- Push subscription endpoint URL
- Encryption keys (P256DH and auth keys)
- Notification preferences (meal, workout, tracker reminders)
g. Communication Data
- Contact form submissions (name, email, message)
- Feedback responses and ratings
- Gym reviews
h. Usage and Technical Data
- Pages visited and features used
- Device information and browser type
- Error logs and application exceptions
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process member check-ins via QR codes and manage membership data
- Provide AI-powered calorie tracking using your health and fitness data
- Send transactional emails (PIN verification, announcements, feedback requests)
- Deliver push notifications for meal, workout, and tracker reminders
- Generate analytics and reports for gym owners (check-in trends, visit patterns, device breakdowns)
- Facilitate the member referral program
- Respond to your inquiries and provide customer support
- Detect and prevent fraud, abuse, and bot activity
- Monitor and improve Service performance and reliability
- Comply with legal obligations
4. AI Processing and Automated Decision-Making
We use third-party AI services to provide personalized calorie tracking. When you use this feature, the following data is sent to our AI provider for processing:
- Name, age, gender, height, and weight
- Target weight and fitness goals
- Activity level and dietary preferences
- Cuisine preferences and allergies
AI-generated calorie and nutrition data are created automatically based on the data you provide. These results are for informational purposes only and are not medical advice. AI feature usage is rate-limited and may be subject to eligibility requirements. You may opt out of AI features by not using the calorie tracking feature.
5. Data Sharing and Third-Party Services
We do not sell your personal information. We share data with the following categories of third-party service providers who assist us in operating the Service:
- Cloud Infrastructure (Supabase): Database hosting, user authentication, file storage, and real-time data services
- Email Delivery (Resend): Sending PIN verification emails, announcements, feedback requests, and notifications
- AI Processing (Anthropic): Providing personalized calorie tracking from your health and fitness data
- Product Analytics (PostHog): Tracking feature usage, user behavior patterns, and Service performance
- Error Monitoring (Sentry): Capturing application errors and exceptions for debugging
- Bot Protection (Cloudflare Turnstile): Verifying human users on forms and preventing automated abuse
We may also share data with:
- Gym Owners: Member data, check-in records, and analytics are accessible to the gym owner who manages the account
- Gym Staff: Staff members may access gym-specific data based on their assigned role
- Legal Requirements: When required by law, regulation, or legal process
6. International Data Transfers
Your data may be processed and stored on servers located outside your country of residence, including in the United States. Our third-party service providers operate globally. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
7. Cookies and Tracking Technologies
We use the following cookies and similar technologies:
- Authentication Cookies: Session cookies managed by our authentication provider to keep you signed in
- Member Portal Session: A session cookie (30-day duration) to maintain your member portal login
- Onboarding Cache: A temporary cookie (1-hour duration) to track onboarding completion status
- Analytics: PostHog uses cookies and local storage to track feature usage and user behavior
We do not use third-party advertising cookies. Authentication and session cookies are essential for the Service to function. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect Service functionality.
8. Data Security
We implement the following security measures to protect your data:
- Encryption in transit (TLS/SSL) for all data transmissions
- AES-256-CBC encryption for member PINs with unique initialization vectors
- Passwords hashed and managed by our authentication provider
- Row-level security policies ensuring users can only access their own data
- Rate limiting on authentication attempts, QR scans, and AI requests
- Bot protection on all public forms
- HttpOnly and Secure flags on session cookies
- Security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy)
- Timing-safe comparison for PIN verification to prevent timing attacks
However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain your data according to the following schedule:
- Account and profile data: Retained while your account is active
- Check-in and scan records: Retained for the duration of the gym's account
- Analytics data: Aggregated and retained for trend analysis
- Push notification subscriptions: Automatically deleted when they become invalid
- Error logs: Retained per our error monitoring provider's retention policy
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access and receive a copy of your personal data
- Correct inaccurate or incomplete data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Receive your data in a structured format (data portability)
- Withdraw consent at any time
- Opt out of AI-powered features and automated decision-making
- Opt out of push notifications
- Request information about the third parties with whom your data has been shared
To exercise these rights, contact us at contact@inkuity.com. We will respond to your request within 30 days.
11. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a gym owner, you are responsible for ensuring that you do not enter data of children under 13 into the Service without appropriate parental consent. If you believe we have collected data from a child under 13, contact us and we will delete it promptly.
12. Gym Owner Data Responsibilities
Gym owners act as data controllers for member data they enter into the Service. As a gym owner, you are responsible for:
- Obtaining appropriate consent from your members for data collection
- Informing members about how their data is processed through Inkuity
- Responding to member data access and deletion requests for data you control
- Ensuring the accuracy of member data you enter
- Complying with applicable data protection laws in your jurisdiction
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service. The "Last updated" date at the top reflects when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: contact@inkuity.com