Security at Gympify

We take the security of your data seriously. Our platform is built with enterprise-grade security controls to keep your business and member information safe; how we handle personal data is described in our Privacy Policy.

1. Infrastructure Security

Gympify is hosted on leading cloud infrastructure providers (such as AWS and Google Cloud Platform) that maintain industry-standard security certifications, including ISO 27001, SOC 2 Type II, and PCI DSS Level 1. These certifications cover the providers' underlying infrastructure; the security of the Gympify application itself, described in the sections below, is our responsibility.

  • Physical Security: Data centers feature strictly controlled physical access, professional security staff, and environmental controls.
  • Network Security: Our networks are protected by firewalls and hardened router configurations. Cloudflare sits in front of the platform to absorb and filter DDoS attacks.

2. Data Encryption

We employ strong encryption methods to protect your data both in transit and at rest.

  • In Transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS) 1.2 or newer.
  • At Rest: Customer data stored in our databases is encrypted with AES-256.

3. Application Security

Our development lifecycle ensures security is considered at every step.

  • Code Reviews: All code changes undergo peer review and security analysis before deployment.
  • Vulnerability Scanning: We regularly scan our applications and dependencies for known vulnerabilities.
  • Penetration Testing: We engage independent third-party security firms to conduct annual penetration tests.

4. Access Controls

Strict access controls ensure that only authorized personnel can access sensitive data.

  • Principle of Least Privilege: Employees are granted the minimum level of access necessary to perform their roles.
  • Multi-Factor Authentication (MFA): MFA is enforced for all administrative access to our systems.
  • Audit Logs: We maintain detailed logs of system access and activities for security auditing.

5. Incident Response & Breach Notification

We have a defined incident response plan to handle security events. In the event of a Personal Data breach, we are committed to notifying affected customers without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR and other applicable laws.

6. Business Continuity

We maintain robust backup and disaster recovery plans to ensure service availability. Data is backed up daily and stored in multiple geographic locations to protect against data loss.

Found a security vulnerability?

Report a Vulnerability