How we collect, use, store and protect your information.
Gym Xplode Pty Ltd ("Gym Xplode", "we", "us", or "our") provides marketing services, automation tools and customer relationship management ("CRM") systems to gyms, fitness studios and franchise networks ("Clients").
This Privacy Policy outlines how we collect, use, store, disclose and protect personal information when delivering our services.
Under the Australian Privacy Principles (APPs), our Clients remain the data controllers of all lead and member information they collect or upload. Gym Xplode acts strictly as a data processor on behalf of Clients, unless otherwise stated.
Gym Xplode complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy is designed to meet the requirements of APP 1 (Openness), APP 5 (Collection Notification), APP 6 (Use and Disclosure), APP 10 (Quality of Personal Information), APP 11 (Security of Personal Information), and APP 12/13 (Access and Correction).
Where applicable, we also align with international data protection standards including GDPR-style rights and safeguards.
This policy applies to:
Clients are responsible for ensuring they have obtained valid consent before supplying us with end-user information.
We may collect or process the following categories of personal information:
Gym Xplode processes Sensitive Information (such as health, fitness or injury disclosures) only on the instruction of the Client, who is responsible for obtaining the individual's explicit consent before collecting or supplying such information to us. Gym Xplode treats Sensitive Information with a higher level of protection and does not use it for marketing or any purpose beyond the Client's direct business needs.
We do not knowingly collect personal information from children under 16.
We collect personal information through:
Clients remain responsible for ensuring the lawful collection of information they provide to us.
Gym Xplode takes reasonable steps to ensure the Personal Information we process is accurate, up-to-date, complete and relevant. We also support Clients in correcting or updating information and in maintaining data minimisation practices.
We process information solely for legitimate business purposes and to support our Clients, including:
We do not sell personal information. All lead and member information remains the property of the Client.
Where relevant, we rely on:
Personal information may be disclosed:
Clients always retain ownership and primary control over the data.
Trusted providers assisting us in delivering services, including:
These parties are bound by confidentiality and security obligations. A current list of Gym Xplode's Sub-processors is available to Clients upon request. All Sub-processors are contractually required to implement data protection measures that meet or exceed the standards described in this Policy.
We may disclose information to comply with legal processes or regulatory requirements.
In the event of a merger, acquisition or restructure, information may transfer under the same protections.
Some data may be stored or processed overseas. Where transfers occur, we take reasonable steps to ensure any overseas recipients of Personal Information do not breach the Australian Privacy Principles. Use of our services indicates consent to such transfers.
We retain personal information only for as long as necessary to:
Upon Client request or termination, data will be securely deleted or anonymised, or returned to the Client if requested prior to deletion.
Gym Xplode uses a secure third-party CRM platform to manage lead and member information. This platform provides a 60-day data restoration period for deleted contact records. After this period, information is permanently deleted by the system and cannot be recovered. Certain associated data such as messages or notes may not be restored even within the recovery window.
If long-term or permanent record-keeping is required, we recommend Clients maintain their own archive or export of contact information.
We implement industry-standard security controls, including:
While no system is completely immune to risk, we take reasonable steps to safeguard information. In the event of a data breach involving Personal Information that is likely to cause serious harm, Gym Xplode will notify the Client as soon as practicable and assist the Client in meeting their obligations under the Notifiable Data Breaches (NDB) Scheme. This includes investigating the incident, assessing potential impacts, and supporting communication with affected individuals.
Individuals may request:
Requests may be directed to the Client or to Gym Xplode.
We use cookies and analytics tools to enhance service performance. Users may disable cookies, though some functionality may be restricted.
Our website may contain links to external sites. We are not responsible for third-party privacy practices. Please review the privacy policies of each site you visit.
We may update this Privacy Policy periodically. The latest version will always be available on our website.
If you have questions about this Privacy Policy or want to contact us, please send an email to admin@gymxplode.ai.
Individuals may request access to, correction of, or deletion of their Personal Information by contacting the Client directly or by contacting Gym Xplode at admin@gymxplode.ai.
We will respond to privacy enquiries or complaints within a reasonable timeframe. If the individual is not satisfied with our response, they may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.