Privacy Policy

1. Overview

This Privacy Policy explains how Pact Fitness (ABN 21 104 678 352) ("Pact", "we", "us") collects, uses, stores, discloses, and protects personal information through the Pact platform (the "Service").

Pact is a software platform used by gyms, studios, and training facilities ("Gyms") to manage daily programming, track member engagement, collect session feedback, and support coaching workflows. This policy applies to all users of the Service, including Gym Owners, Coaches, and Members.

We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

• Name and contact details (email, phone)
• Gym name, location, and business information
• Programming content and workout structures
• Coach posts and communications within the platform

• Name and email address
• Account preferences and settings
• Workout results, scores, weights, times, and notes
• Personal bests and training goals
• Session feedback and energy ratings
• Comments, reactions, and community interactions
• Privacy preferences (public or private results)

• Device information (browser type, operating system)
• Usage data (pages visited, features used, session duration)
• IP address and approximate location
• Login timestamps and activity patterns

3. How We Use Your Information

We use personal information to provide and operate the Service, including:

• Authenticating user accounts and managing access
• Displaying programming, workout logs, and results
• Tracking personal bests, goals, and member progress
• Generating coaching insights and member engagement signals for Gym Owners and Coaches
• Enabling community features such as comments and reactions
• Sending transactional emails (login codes, notifications)

We use usage data and feedback to improve the platform, fix issues, and develop new features.

We may aggregate and de-identify data collected through the Service to create Platform Data that cannot reasonably be used to identify any individual. We use Platform Data for:

• Industry benchmarking and trend analysis
• Product development and feature prioritisation
• Market research and commercial insights
• Informing partnerships with relevant brands and service providers

Platform Data is owned by Pact and may be used for any lawful commercial purpose. It will never be re-identified without explicit consent.

Members who choose to opt in may receive personalised product recommendations and offers from Pact's brand partners. These recommendations are based on training activity and preferences within the platform.

How this works:

• During onboarding or in account settings, Members can choose to enable personalised recommendations
• Pact uses training data (such as workout frequency, training type, energy ratings, and goals) to surface relevant product suggestions within the platform
• Pact manages all brand relationships directly - partner brands do not receive personally identifiable Member information unless the Member explicitly consents (for example, by choosing to redeem an offer)
• Members can opt out at any time via their account settings, with no impact on their use of the core Service

We do not sell individual personal information to third parties.

4. Legal Basis for Processing

Under the Australian Privacy Principles, we collect and use personal information where:

• It is reasonably necessary for providing the Service (APP 3)
• The individual has consented (for example, opting in to personalised recommendations)
• It is required or authorised by Australian law

5. Who We Share Information With

Member Data is shared with the Gym (Owners and Coaches) that the Member is associated with, for the purposes of coaching and programming. Members can control whether their results are public to the gym community or private.

We use trusted third-party service providers to help operate the Service, including:

• Supabase (database hosting and authentication)
• Vercel (application hosting)
• Resend (transactional email delivery)

These providers process data on our behalf and are contractually required to protect personal information.

If a Member has opted in to personalised recommendations and chooses to engage with a brand offer (for example, by redeeming a discount code or requesting a product), the Member's contact details may be shared with that brand partner solely for the purpose of fulfilling the offer. We will always make this clear to the Member before any information is shared.

We may disclose personal information if required by law, regulation, legal process, or enforceable government request, or to protect the rights, safety, or property of Pact, our users, or the public.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Active accounts: data retained for the duration of the account
• Deleted Member accounts: personal data deleted within 30 days of account deletion request, except where retention is required by law
• Terminated Gym accounts: Gym Content and Member Data available for export for 30 days following termination, then deleted
• Platform Data (aggregated, de-identified): retained indefinitely as it cannot identify individuals
• Usage logs and analytics: retained for up to 24 months

7. Data Security

We implement reasonable technical and organisational measures to protect personal information, including:

• Encrypted data transmission (TLS/HTTPS)
• Row-level security (RLS) policies ensuring Gym data isolation
• Secure authentication via one-time passcode (OTP)
• Access controls limiting data visibility by role (Owner, Coach, Member)

No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

8. Your Rights

Under the Australian Privacy Act, you have the right to:

• Access the personal information we hold about you (APP 12)
• Request correction of inaccurate or incomplete information (APP 13)
• Request deletion of your account and associated personal data
• Opt out of personalised recommendations at any time
• Complain to us or to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at legal@pactfitness.xyz.

9. Member Data Portability

Members own their personal training data. If a Member transfers to a different Gym on Pact, their workout results, personal bests, and goals transfer with them. Members may also request an export of their data at any time.

10. Children's Privacy

The Service is not directed at individuals under 16 years of age. If a Gym permits Members under 16, the Gym is responsible for ensuring appropriate parental or guardian consent is obtained before those individuals use the Service.

11. International Data Transfers

Your data may be processed and stored in countries outside Australia where our service providers operate (including the United States). We ensure that any international transfers comply with the Australian Privacy Principles and that adequate protections are in place.

12. Cookies and Tracking

Pact uses essential cookies and local storage for authentication and session management. We do not use third-party advertising cookies or cross-site tracking.

We may use analytics tools to understand how the Service is used. Any analytics data is aggregated and does not identify individual users.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Service at least 14 days before they take effect. The "Last updated" date at the top of this policy indicates when it was most recently revised.

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or how we handle personal information, please contact:

Pact Fitness (ABN 21 104 678 352)

Email: legal@pactfitness.xyz

Location: Perth, Western Australia

You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.