Last Updated: January 04, 2026
FitFlowUp collects data necessary to facilitate gym management. This includes Profile Information (names, emails, authentication via Supabase) and Operational Data (workout logs, membership cycles). We utilize a strict multi-tenant architecture: gym-specific data (Members, Subscriptions, Staff) is logically siloed and only accessible to authorized Gym Owners or specific roles granted explicit permission.
We implement rigorous Role-Based Access Controls to ensure data privacy. Private gym intelligence, including member lists and fiscal performance, is cryptographically protected and restricted. Access is exclusively granted to verified Gym Owners for their respective institutions; our system architecture prevents cross-tenant data leakage through Row-Level Security (RLS) policies.
Payment processing is handled securely via Stripe. FitFlowUp does not store raw credit card numbers or sensitive PCI-regulated data on its primary servers. Stripe processes these transactions under its own privacy protocols, returning only the transaction status, the last four digits of the card, and subscription metadata to our platform for your Business Flow tracking.
Our infrastructure is powered by Supabase (PostgreSQL) and hosted on enterprise-grade cloud providers. We utilize industry-standard AES-256 encryption at rest and TLS 1.3 encryption in transit. While we employ elite security measures to protect the "Flow" of your data, users acknowledge that no digital transmission is entirely immune to risk.
We retain data as long as an account remains active or as required by fiscal regulations. Gym Owners have the right to request a data export of their specific tenant members and transaction history. Upon account termination, data is subject to a 30-day "grace period" before permanent deletion from our active production databases, unless legal hold requirements apply.
Users (Gym Owners and Members) maintain rights under various global privacy frameworks (such as GDPR or CCPA) to access, rectify, or erase their personal data. For gym-specific data (e.g., a member wanting to delete their gym profile), FitFlowUp acts as the service provider; such requests should be initiated through the respective Gym Owner.