Privacy Policy

Last Updated: April 5, 2026

Introduction

GymReply ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated Instagram messaging service.

Information We Collect

Account Information

  • Email address
  • Gym name and location
  • Encrypted Instagram Business account credentials
  • Payment information is processed securely via Stripe

Usage Data

  • Response templates and AI-generated messages
  • Analytics, performance metrics, and usage insights
  • Log data (IP address, browser type, and device information)

Instagram Data (Via Meta Graph API)

  • Access tokens for Instagram Business accounts
  • Customer Instagram usernames and profile information
  • Direct Message content strictly for automation purposes

How We Use Your Information

Provide and Maintain Service

We integrate with the Meta Graph API and request specific permissions (such as instagram_manage_messages) to read incoming Direct Messages and send automated replies on behalf of your connected Instagram Business page.

Process Automation

We use your configured gym context and incoming messages to generate context-aware AI responses to your customers.

Improvement and Security

  • Analyze usage patterns to improve service quality
  • Process payments and help prevent fraud
  • Protect platform security and reliability
  • Comply with legal obligations

Data Storage and Security

  • All data is encrypted in transit (TLS/SSL)
  • Instagram tokens are encrypted at rest using AES-256-GCM
  • Message history is stored securely on Neon PostgreSQL for dashboard context
  • We implement industry-standard security measures, including audits and monitoring

Third-Party Services and Sub-Processors

We share necessary data with the following services to operate GymReply:

  • Meta/Instagram: Social media integration and message delivery
  • OpenAI: Automated response generation via API
  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel/Render: Application hosting
  • Neon: Database hosting

OpenAI requests are sent securely and configured for zero data retention. OpenAI does not use your gym's or your customers' data to train public models.

Data Retention

  • Account data: retained while your account is active
  • Message data: retained for service provision and dashboard analytics
  • Deleted account data: permanently deleted within 30 days of a verified request

Data Deletion Instructions

Last Updated: April 5, 2026

GymReply values your privacy and provides a straightforward way to manage and delete your data associated with our Instagram/Meta integration.

How to Delete Your Data

  1. Log into your Facebook account and go to Settings & Privacy > Settings.
  2. On the left menu, click on Apps and Websites.
  3. Locate GymReply and click the Remove button.
  4. A pop-up will appear; check the box that says "Allow Facebook to notify GymReply that your connection was removed."
  5. Once confirmed, Meta will send a de-authorization request to our servers.

Your Rights (GDPR and UK GDPR)

Under UK and European data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data (Right to be Forgotten)
  • Object to or restrict data processing
  • Request data portability
  • Withdraw consent at any time

Cookies

We use essential cookies strictly for authentication, security, and core service functionality.

Children's Privacy

GymReply is a B2B service not intended for users under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy as our service evolves. Changes will be posted on this page with an updated "Last Updated" date.

Contact Us

For privacy questions, GDPR inquiries, or data deletion requests: