Your data is safe with us.
This page is maintained by GymFlow to answer common security questions about our platform. It describes the controls currently enabled — not a third-party certification.
Data is encrypted in transit with TLS 1.2+ and at rest on our managed cloud database. Backups inherit the same protections.
Role-based access controls in-app, mandatory strong passwords, and optional two-factor authentication for owner and admin accounts.
Production workloads run on managed cloud infrastructure in Indian regions where available, with redundancy across availability zones.
Automated daily backups with point-in-time recovery for the production database. You can also export your data on demand.
Our team accesses customer data only when required for support, with audited access and time-bound credentials.
We have an internal runbook for handling incidents and will notify affected customers without undue delay.
Shared responsibility
Security is a partnership. GymFlow secures the platform, the infrastructure, and the underlying services. Gym owners are responsible for managing their team's access, keeping credentials safe, and using strong passwords and two-factor authentication.
Reporting a vulnerability
If you believe you've found a security issue, please email security@gymflow.inwith steps to reproduce. We respond to legitimate reports within two business days and appreciate responsible disclosure.
Compliance
We operate in line with applicable Indian data protection rules. We don't currently claim formal SOC 2, ISO, or HIPAA certifications — if your business needs evidence for a specific framework, contact us and we'll share what we can.