Privacy Policy
Last updated: February 2026
BlueGym Pte Ltd ("BlueGym", "we", "us", or "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.
1. Personal Data We Collect
We collect the following types of personal data:
Information You Provide
- Full name, email address, and phone number
- Payment information (processed securely via HitPay)
- Facial recognition data (biometric data for check-in purposes)
- Emergency contact information
- Google account information (if signing in via Google OAuth)
Information Collected Automatically
- Check-in and check-out records (including walk-in visitor sessions)
- Payment and subscription history
- Device and browser information when using our website
2. How We Use Your Personal Data
We use your personal data for the following purposes:
- To manage your gym membership and provide our services
- To process payments and subscriptions
- To enable facial recognition check-in at our facilities
- To send important notifications about your membership
- To improve our services and customer experience
- To comply with legal obligations
Facial Recognition Data
Your facial data is converted into a mathematical representation (face descriptor) and stored securely. We do not store actual photographs of your face. This data is used solely for contactless check-in at our gym facilities. You may opt out of facial recognition and use alternative check-in methods. If you request account deletion, your facial recognition data is deleted immediately upon request.
3. Disclosure of Personal Data
We may disclose your personal data to:
- Payment processor (HitPay) for transaction processing
- Cloud service providers for secure data storage
- Government authorities when required by law
We do not sell your personal data to third parties for marketing purposes.
4. Data Retention
We retain your personal data for as long as your membership is active. If you request account deletion, your account data is retained for 60 days to allow for reinstatement, after which it is permanently deleted. Facial recognition data is deleted immediately upon a deletion request. Members with active subscriptions must cancel their subscription before account deletion can be processed.
5. Data Security
We implement appropriate security measures to protect your personal data, including:
- Encryption of sensitive data in transit and at rest
- Secure password hashing using industry-standard algorithms
- Regular security assessments and updates
- Access controls limiting data access to authorized personnel
6. Your Rights
Under the PDPA, you have the right to:
- Access - Request a copy of your personal data
- Correction - Request correction of inaccurate data
- Withdrawal - Withdraw consent for data processing
- Deletion - Request deletion of your personal data (subject to legal requirements)
7. Cookies
Our website uses essential cookies for authentication and session management. We do not use tracking or advertising cookies.
8. Contact Us
For questions about this Privacy Policy or to exercise your data rights, contact our Data Protection Officer:
Email: privacy@bluegym.sg
Address: BlueGym Pte Ltd, Singapore
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our website.