This Privacy Policy explains how Jenix India ("we", "us", or "our") collects, uses, and protects information when you use SmartGym EDGE — our gym access control software platform, including the web admin dashboard, mobile app, and edge hardware services (collectively, the "Service").
1. Information We Collect
We collect information necessary to operate the gym access control system:
- Account & Staff Data: Name, email address, phone number, role, and login credentials of gym staff and administrators.
- Member Data: Name, contact details, profile photo, membership details, payment history, and biometric identifiers (face templates stored locally on edge hardware only — never transmitted to our servers).
- Access Event Data: Entry/exit timestamps, access method used (RFID, QR, face), and device identifiers.
- Device Information: Hardware identifiers, IP addresses, and heartbeat data from edge devices.
- Usage Data: Log files, API request data, and error reports used for system diagnostics.
- Google Sign-In: If you sign in with Google, we receive your name, email, and profile picture from Google as authorised by you.
2. How We Use Your Information
- To operate and maintain the gym access control system.
- To authenticate users and enforce role-based access controls.
- To send membership renewal notifications via Firebase Cloud Messaging (FCM).
- To generate attendance reports, financial summaries, and operational analytics.
- To diagnose technical issues and improve system performance.
- To comply with legal obligations.
3. Data Storage & Security
Your data is stored in the following locations depending on your deployment:
- On-premise (Edge PC): Member biometric templates, access logs, and backup files are stored locally on the gym's own hardware and never leave the premises unless explicitly exported.
- Cloud (VPS): Central API server data — member records, staff profiles, memberships, and events — is stored in a MongoDB database on a secured private server.
- Firebase: Authentication tokens and push notification tokens are managed via Google Firebase. Refer to Google's Privacy Policy.
We implement industry-standard security measures including TLS/HTTPS encryption, JWT-based authentication, role-based access control, and regular data backups.
4. Third-Party Services
The Service integrates with the following third parties:
- Google Firebase — Authentication and push notifications (Firebase Privacy)
- Google Sign-In (OAuth 2.0) — Staff login via Google accounts
- MongoDB Atlas / Self-hosted MongoDB — Database storage
- Razorpay / UPI — Payment processing (gym operators' responsibility)
We do not sell your data to any third party.
5. Data Retention
- Access event logs are archived after 90 days and may be deleted after 12 months.
- Member and staff records are retained for the duration of active membership or employment and for up to 3 years thereafter for legal compliance.
- Backup files are stored only on the gym's own edge PC, under the gym operator's control.
- You may request deletion of your personal data by contacting us (see Section 8).
6. Your Rights
Depending on your location and applicable law, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of your personal data ("right to be forgotten").
- Withdraw consent for data processing where consent was the legal basis.
- Data portability — receive your data in a structured, machine-readable format.
To exercise these rights, contact us at jenixindia@gmail.com.
7. Cookies & Tracking
The web admin dashboard uses:
- Local Storage / Session Storage — to maintain your login session and user preferences.
- No tracking cookies — we do not use advertising cookies or cross-site tracking.
- Google Tag Manager — on the marketing website only (not inside the admin dashboard), used for basic analytics.
8. Contact Us
For privacy-related inquiries, data requests, or to report a concern:
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify gym administrators of material changes via the admin dashboard notification or by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.