Security & compliance

How we protect your data.

Gym operators hold some of the most sensitive customer data there is — health signals, payment details, access patterns, children on family memberships. We take it seriously.

Compliance

Cyber Essentials Plus
ISO 27001 (in progress, audit Q2 2026)
GDPR + UK GDPR
G-Cloud 14 listed
CCS Technology Products framework

Access and identity

SAML SSO with SCIM provisioning
Role-based access control with audit trail
Mandatory MFA for admin accounts
Encryption at rest (AES-256) and in transit (TLS 1.3)
Quarterly permission reviews

Infrastructure

All customer data hosted in UK AWS regions
Daily off-region backups, 35-day retention
Quarterly penetration testing
24/7 incident response with 15-min page target
Optional dedicated tenancy on Prime

Reporting a vulnerability

We run a disclosure programme. Email security@prism.fit with a technical description and steps to reproduce. For sensitive reports we publish a PGP key at /.well-known/security.txt. We respond within one UK business day and never pursue legal action against good-faith researchers.

Accessibility

The member app and admin meet WCAG 2.2 AA, independently audited in Q1 2026. Audit reports available on request to procurement partners. Our accessibility statement is published at /accessibility.

Ready to see your gym?

45-minute demo. We pull your numbers into a dashboard you can take home.

Book a demo See pricing