Privacy policy.
This Privacy Policy explains how Prism collects, uses, and shares information. This is placeholder copy — replace with your finalized policy, reviewed by counsel, before launch.
1. Information we collect
Account information (name, email), facility information (location, size), and member data (only as needed to provide the service).
2. How we use information
To provide and improve the services, to communicate with you, and to comply with legal obligations.
3. Sharing
We do not sell personal data. We share only with sub-processors (e.g. Stripe for payments, AWS for hosting) under appropriate data processing agreements.
4. International transfers
Data may be processed in the EU, UK, US, and UAE. Standard contractual clauses are in place where required.
5. Member data
Members are data subjects of the gym/operator (the controller). Prism acts as processor on the operator's behalf.
6. Retention
We retain account data for the duration of the contract and 90 days post-termination, after which it is deleted unless retention is legally required.
7. Your rights
Data subjects may request access, correction, deletion, portability, or restriction by contacting us.
8. Security
We employ industry-standard administrative, technical, and physical safeguards. Annual penetration testing.
9. Cookies
We use functional cookies for the marketing site. No third-party advertising trackers.
10. Contact
Questions to privacy@prism.gym. Complaints can be raised with the relevant supervisory authority.