Privacy policy

Prism collects the minimum personal data required to operate gym-management services. This includes contact details, booking and attendance history, and payment information processed via GoCardless and Stripe. We do not sell your data. Ever.

Data we collect

• Account and contact information you provide (name, email, phone, company)
• Booking, check-in, and payment history from the Prism service
• Technical data: IP, browser, cookies required for authentication
• Optional wearable data: only with explicit opt-in, revocable at any time

Why we collect it

• To provide the service you've contracted us to deliver
• To improve the product (aggregated, anonymised analytics)
• To satisfy tax and regulatory obligations

Your rights under UK GDPR

• Right of access — request a copy of your data
• Right to rectification — correct data that's wrong
• Right to erasure — we delete within 30 days where lawful
• Right to portability — take your data with you in a standard format
• Right to object — stop us processing for a given purpose

Exercise any right by emailing privacy@prism.fit. We reply within one working day and complete within 30 calendar days.