Privacy notice
Last updated 6 July 2026 · Applies to Gymspire Academy staff using this app
Who we are
This app is operated by Gymspire Academy for its coaching staff. Gymspire Academy is the data controller for the personal data described below. Questions or requests (access, correction, deletion) go to the admin team.
What we store and why
- Account details — your name, email address, staff role, and assigned venues, so the app can show you the right programming, venues, and policies.
- Onboarding records — the details you submit during onboarding, which may include your date of birth, home address, emergency contact, National Insurance number, bank details, and right-to-work documents. These are collected for employment administration (payroll and legal right-to-work checks).
- Training and policy records — which policies you have read and acknowledged, including the exact version and time. These records cannot be edited or deleted through normal app access. Gymspire retains and deletes them through its controlled retention process.
The app stores no data about children or gymnasts. Policies describe how to work with young people; records about them live in Gymspire's class-management systems, not here.
Who can see your data
You can see your own records. Platform admins can see staff records for employment administration. Other coaches cannot see your personal data. Access rules are enforced on the server and covered by automated tests. Right-to-work and payroll details are shared with HR/payroll only through an admin-authenticated export.
Where it lives and how long we keep it
Data is stored in Google Firebase (Firestore and Cloud Storage) under Gymspire Academy's own account. Onboarding and right-to-work records are retained for the period required by UK employment law after you leave, then deleted; policy acknowledgement records are retained as part of Gymspire's compliance history. Full retention periods are set out in Gymspire's data retention policy — ask the admin team for a copy.
Your rights
Under UK GDPR you can ask for a copy of your data, ask for corrections, and — where no legal retention duty applies — ask for deletion. Contact the admin team; if you are not satisfied, you can complain to the ICO (ico.org.uk).