Privacy & Security

Privacy Policy

Last updated: 2/8/2026

Privacy Policy

1. Information We Collect

We collect various types of information to provide and improve our services:

  • Personal Information: Name, email, phone number, address
  • Business Information: Gym details, member data, staff information
  • Payment Information: Processed securely through Razorpay (PCI-compliant)
  • KYC Documents: Aadhaar, PAN, bank details for payment gateway setup
  • Biometric Data: Fingerprints (if biometric devices are used)
  • Usage Data: Analytics, login history, feature usage patterns

2. How We Collect Information

  • Direct registration and account creation
  • Razorpay onboarding and KYC verification process
  • Biometric device enrollment and attendance tracking
  • Automated collection through cookies and analytics tools
  • Customer support interactions

3. How We Use Your Information

  • Provide and maintain our gym management services
  • Process payments and financial transactions
  • Complete KYC verification for payment gateway activation
  • Enable biometric attendance features
  • Send important updates, notifications, and invoices
  • Improve our services and user experience
  • Comply with legal and regulatory obligations
  • Prevent fraud and ensure platform security
KYC & Payment Data Privacy

4. KYC Document Handling

During Razorpay payment gateway onboarding, we collect sensitive documents:

  • Aadhaar Card: Used for identity verification only
  • PAN Card: Required for tax compliance and payment processing
  • Bank Details: Securely stored for payment settlements
  • OTP Verifications: Temporary codes not stored after verification

5. How KYC Data is Protected

  • Encryption: All documents encrypted during transmission and storage
  • Secure Partner: KYC processed through RBI-approved Razorpay platform
  • Limited Access: Only authorized personnel can access KYC data
  • Compliance: Adheres to RBI, IT Act, and Aadhaar regulations
  • No Selling: We never sell or share KYC documents with third parties

6. OTP and Authentication Data

One-Time Passwords (OTPs) used during verification:

  • OTPs are valid only for a limited time (typically 10 minutes)
  • Not stored after successful verification
  • Sent via SMS or email through secure channels
  • Used exclusively for identity confirmation

Important Privacy Note

Your Aadhaar, PAN, and bank details are transmitted directly to Razorpay's secure servers. TrackyFy acts only as a facilitator and does not store full KYC documents on our servers. Only verification status and masked information (e.g., last 4 digits) are retained for reference.

Biometric Data Privacy

7. Biometric Information Collection

If you use our biometric attendance devices:

  • Fingerprint data is collected for member attendance tracking
  • Biometric templates (not actual fingerprints) are stored
  • Data is encrypted and stored on secure servers
  • Used exclusively for attendance verification purposes

8. Biometric Data Security

  • Encryption: Military-grade AES-256 encryption
  • Template Storage: Mathematical representation, not actual fingerprints
  • No Reverse Engineering: Templates cannot be converted back to fingerprints
  • Access Control: Strict authentication required for data access
  • Member Consent: Biometric enrollment requires explicit member consent

9. Biometric Data Retention

Biometric data is retained:

  • For the duration of active membership
  • 30 days after membership expiry (for reactivation)
  • Permanently deleted upon user request or after retention period

10. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only with:

  • Your Explicit Consent: When you authorize sharing
  • Service Providers: Razorpay for payments, courier services for hardware delivery
  • Legal Compliance: When required by law, court orders, or regulatory authorities
  • Business Protection: To prevent fraud, enforce terms, or protect rights

11. Data Security Measures

We implement comprehensive security measures:

  • SSL/TLS encryption for data transmission
  • Encrypted database storage
  • Regular security audits and vulnerability assessments
  • Two-factor authentication (2FA) options
  • Firewall protection and intrusion detection systems
  • Employee training on data protection

12. Data Retention

We retain your information for as long as necessary to:

  • Provide services during active subscription
  • Comply with legal, tax, and accounting requirements
  • Resolve disputes and enforce agreements
  • 30 days post-subscription for data recovery purposes

You may request earlier deletion of your data at any time.

13. Your Privacy Rights

Under applicable data protection laws, you have the right to:

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (right to be forgotten)
  • Portability: Export your data in a structured format
  • Opt-Out: Unsubscribe from marketing communications
  • Restriction: Limit how we use your data
  • Objection: Object to data processing for specific purposes

14. Cookies and Tracking

We use cookies to enhance your experience, analyze usage, and provide personalized content. Types of cookies used:

  • Essential Cookies: Required for platform functionality
  • Performance Cookies: Collect anonymous usage statistics
  • Functional Cookies: Remember your preferences

You can control cookie settings through your browser preferences.

15. Children's Privacy

TrackyFy is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware of such data, it will be promptly deleted.

16. International Data Transfers

Your data is primarily stored on servers located in India. If data is transferred internationally, we ensure adequate safeguards are in place per applicable laws.

17. Changes to Privacy Policy

We may update this Privacy Policy periodically. Changes will be communicated via:

  • Email notification to registered users
  • In-app notifications
  • Website banner announcement

Continued use of services after changes indicates acceptance of the updated policy.

18. Contact Us for Privacy Concerns

For privacy-related questions, data requests, or concerns, contact:

Data Protection Officer
TRACKYVERSE TECHNOLOGIES PRIVATE LIMITED
Madhopara, Arabiya College Road
Purnea, Purnia- 854301, Bihar, India
Phone: +91-8102614395
Email: privacy@trackyfy.com | support@trackyfy.com

Our Commitment

Your privacy and data security are our top priorities. We are committed to transparency, compliance with data protection laws, and protecting your sensitive information with industry-leading security measures.