Privacy Policy
Last updated Jun 14, 2026
This Privacy Policy explains how Twój Klub ("we", "the service") processes personal data when gym owners and trainers use the application to manage their gym.
The gym (organization) that uses the service is the data controller for its clients’ data; we act as the processor on its behalf.
What we collect
Account data for gym staff: name, email address, and a hashed password.
Client records entered by gym staff: name, and optionally phone number and free-text notes, plus a RODO consent flag and consent date.
Operational logs: a record of key actions (who did what and when), including timestamp, IP address, and browser user agent, kept for security and accountability.
Why we process it (legal basis)
To provide the service to the gym (performance of a contract).
For security, fraud prevention, and audit (legitimate interest).
Where you give it, your consent — which you may withdraw at any time.
Where your data is stored
All data is hosted within the European Union. We use Vercel (hosting and PostgreSQL database), Resend (transactional email), and Sentry (error monitoring), each configured for EU regions.
We do not transfer personal data outside the European Economic Area.
Sub-processors
Vercel — application hosting and database.
Resend — sending transactional email (e.g. invitations, password resets).
Sentry — error tracking and diagnostics.
How long we keep it
Account and business data are kept while the gym’s account is active.
Client records are soft-deleted (hidden but retained) so financial history stays consistent; they are permanently removed on an erasure request.
Operational logs are retained for security purposes.
Deleting an account removes its personal data, subject to legal retention obligations.
Your rights (RODO / GDPR)
You may request access, rectification, erasure, restriction, and data portability (export), and you may object to processing.
You can export a gym’s data in a machine-readable format and request deletion of an account.
You may lodge a complaint with the Polish supervisory authority (UODO).
Cookies
We use only essential cookies: your sign-in session, your language preference, and a record that you have seen the cookie notice. We do not use advertising or analytics cookies.
Contact
For privacy questions or to exercise your rights, contact us at: [contact email — replace before launch].