Privacy Policy

Last Updated: March 30, 2026

Introduction

GymReply ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

Email address
Gym name and location
Instagram Business account credentials (encrypted)
Payment information (processed securely via Stripe)

Usage Data

Instagram DM conversations with your customers
Response templates and AI-generated messages
Analytics and performance metrics
Log data (IP address, browser type, device information)

Instagram Data

Access tokens for Instagram Business accounts
Customer Instagram usernames and profile information
Message content for automation purposes

How We Use Your Information

Provide and maintain the GymReply service
Process Instagram DM automation
Generate AI responses to customer messages
Analyze usage patterns and improve our service
Process payments and prevent fraud
Send service-related notifications
Comply with legal obligations

Data Storage and Security

All data is encrypted in transit (TLS/SSL)
Instagram tokens are encrypted at rest using AES-256-GCM
Data is stored on secure servers (Neon PostgreSQL)
We implement industry-standard security measures
Regular security audits and monitoring

Third-Party Services

We use the following third-party services:

Stripe: Payment processing (PCI-DSS compliant)
OpenAI: AI message generation
Meta/Instagram: Social media integration
Vercel/Render: Application hosting
Neon: Database hosting

Data Retention

Account data: Retained while your account is active
Message data: Retained for service provision and analytics
Deleted account data: Permanently deleted within 30 days

Data Deletion Instructions

How to Request Data Deletion:

If you wish to delete your data from GymReply:

1. Delete Your Account:

Log in to your GymReply dashboard
Navigate to Settings → Account
Click "Delete Account"
Confirm deletion

2. Email Request:

Send an email to: support@gymreply.com
Subject: "Data Deletion Request"
Include: Your registered email address
We will process your request within 30 days

3. Instagram Data:

Disconnect your Instagram account via GymReply Settings
This revokes our access to your Instagram data
You can also revoke access directly through the Instagram mobile app:

Open the Instagram mobile app
Go to Settings → Security → Apps and Websites
Find GymReply in the Active list
Tap Remove and confirm

Instagram data deletion is processed within 30 days per Meta Platform Policy. You can also use Meta's Data Deletion Request tool to request deletion of data associated with your Facebook/Instagram account.

What Gets Deleted:

Your account information
All conversation data
Response templates
Analytics data
Instagram access tokens

Data Retention After Deletion:

Financial records retained for 7 years (legal requirement)
Aggregated, anonymized analytics (cannot identify you)

Meta/Instagram Specific:

Per Meta's Platform Policy, you can delete data we've collected from Instagram by:

Revoking GymReply's access in Instagram Settings → Security → Apps and Websites
Contacting us at support@gymreply.com

Confirmation

After processing your deletion request, we will send a confirmation email to the address on file within 30 days.

If you do not receive confirmation within 30 days, please contact us at support@gymreply.com.

Your Rights

Under GDPR and UK data protection laws, you have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Object to processing
Data portability
Withdraw consent

Cookies

We use essential cookies for:

Authentication
Security
Service functionality

Children's Privacy

GymReply is not intended for users under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy. Changes will be posted on this page with an updated "Last Updated" date.

Contact Us

For privacy questions or data requests:

Email: support@gymreply.com
Response time: Within 72 hours