PRIVACY POLICY - Version 1.2 | Effective Date: 22 September 2025

GymGoer Pty Ltd (ABN 38 680 858 440)

1. Purpose and Scope

1.1 GymGoer Pty Ltd (“GymGoer”, “we”, “us” or “our”) is committed to protecting the privacy and personal information of individuals in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) set out in Schedule 1 of that Act.
1.2 This Privacy Policy outlines how we collect, use, disclose, store and manage personal information, including information collected through our mobile application, website, and related services (“Services”).
1.3 This Policy applies to all individuals from whom we collect personal information, including but not limited to users of the GymGoer platform (“Members”), representatives of subscribing gyms (“Gym Partners”), contractors, and other users or stakeholders.

2. Minimum Age Requirement

2.1 The GymGoer platform and associated Services are available only to individuals who are 18 years of age or older.
2.2 By accessing or using our Services, you warrant that you are at least 18 years old. We do not knowingly collect personal information from individuals under 18 years of age.

3. Collection of Personal Information

3.1 GymGoer may collect and hold personal information including, but not limited to:
(a) Name, address, email address and phone number;
(b) Account login credentials;
(c) Payment and billing details (via third-party processors);
(d) Usage data including IP address, device ID, mobile operating system, browser type and access times;
(e) Location data, where permission is granted;
(f) Information voluntarily provided via feedback, surveys or customer support;
(g) Attribution and analytics data collected through third-party providers (including AppsFlyer), such as device identifiers, referral source, advertising engagement, install timestamp, in-app activity events, crash reports, purchase event details (transaction value, currency, product ID, order ID, quantity), and performance diagnostics.
3.2 Personal information may be collected directly from the individual or via third parties, including Gym Partners and service providers.
3.3 GymGoer maintains records of user consent, including the time, method, and scope of consent provided in relation to the collection, use, and disclosure of personal information.

4. Use of Personal Information

4.1 GymGoer collects and uses personal information for purposes including, but not limited to:
(a) Providing and managing access to the GymGoer platform;
(b) Facilitating gym pass transactions and associated services;
(c) Communicating with users regarding updates, promotions or service offerings;
(d) Conducting analytics and improving functionality of our platform;
(e) Complying with legal obligations or responding to lawful requests;
(f) Measuring app performance, installs, referral activity, attribution, and purchase events through AppsFlyer and similar providers;
(g) Fraud prevention, account security, and verification of user activity;
(h) Delivering personalised recommendations, advertising, promotions, and aggregated business insights for Gym Partners.
4.2 Where permitted, GymGoer may use automated decision-making tools for limited purposes, such as fraud prevention, user segmentation, and gym or content recommendations. These tools do not make decisions that have legal or similarly significant effects without human oversight.
4.3 GymGoer complies with the requirements of the Spam Act 2003 (Cth). All commercial electronic messages sent by GymGoer contain accurate sender identification, provide a functional unsubscribe facility, and are only sent with the recipient’s express or inferred consent.
4.4 GymGoer provides users with the ability to manage the visibility of their profile and activity information within the platform.
4.5 GymGoer may use your personal information, including activity and interaction data, to deliver targeted advertising or tailored content through our Services or third-party platforms.

5. Consequences of Non-Disclosure

5.1 If you choose not to provide certain personal information, GymGoer may be unable to:
(a) Register you for an account;
(b) Provide access to certain features or services;
(c) Respond to support requests or process transactions.

6. Disclosure of Personal Information

6.1 We may disclose personal information to third parties where reasonably necessary for the purposes set out in this Policy, including to:
(a) Gym Partners;
(b) Employees, contractors, professional advisers and service providers;
(c) Third-party software and payment platforms (e.g., Apple Pay, Stripe);
(d) Analytics and attribution platforms (including AppsFlyer), which may collect and process device, usage, and purchase event data on our behalf for the purposes of tracking installs, user engagement, transactions, and referral outcomes;
(e) Cloud hosting, IT support, and security service providers;
(f) Regulatory bodies, courts or law enforcement agencies as required by law;
(g) Successors or assignees in the event of a business transfer.
6.2 All third parties receiving personal information are required to adhere to confidentiality obligations and may only use such information for the limited purposes for which it was disclosed.

7. Overseas Disclosure

7.1 Personal information may be disclosed to third parties located outside of Australia, including but not limited to the United States, Israel (AppsFlyer HQ), Singapore, and the European Union.
7.2 Where information is disclosed internationally, we implement safeguards in accordance with APP 8, such as:
(a) Binding contractual clauses;
(b) Use of providers with adequate data protection standards (e.g., GDPR-compliant platforms such as AppsFlyer);
(c) Ongoing assessments of overseas data handling practices.

8. Data Retention and Deletion

8.1 Personal information will be retained only for as long as is reasonably necessary to fulfil the purposes outlined in this Policy, or as required by applicable laws.
8.2 When personal information is no longer required, we will take reasonable steps to destroy or de-identify it securely.

9. Security of Personal Information

9.1 GymGoer implements appropriate physical, electronic and administrative safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.
9.2 Despite these safeguards, no data transmission can be guaranteed as fully secure. You acknowledge and accept this risk when transmitting information to us.
9.3 In the event of a data breach likely to result in serious harm, we will notify affected individuals and report to the Office of the Australian Information Commissioner (OAIC) within required timeframes.
9.4 GymGoer implements internal controls and procedures to ensure that personal information used for marketing purposes is handled in accordance with applicable privacy and electronic communications laws.

10. Access and Correction

10.1 You may request access to, or correction of, personal information held about you by contacting our Privacy Officer at help@joingymgoer.com.
10.2 We will respond to access or correction requests within 30 days, subject to applicable exceptions under the Privacy Act. A reasonable administrative fee may apply.
10.3 You may request the deletion of your personal information held by GymGoer by contacting our Privacy Officer. Subject to legal and operational requirements, we will take reasonable steps to permanently delete, de-identify, or anonymise your information within 30 days of confirming your identity and request. Certain information may be retained where required by law, regulatory obligations, or for dispute resolution purposes.

11. Complaints Procedure

11.1 If you have a complaint regarding our handling of personal information, please contact:
Privacy Officer
GymGoer Pty Ltd
Suite 10, 1/84 Mount Eliza Way,
Mount Eliza VIC 3930
Email: help@joingymgoer.com
11.2 We take all complaints seriously and will respond in writing within a reasonable period.

12. Opt-Out Options

12.1 You may opt out of:
(a) Marketing communications by using the unsubscribe link or contacting us directly;
(b) Location tracking via your device settings;
(c) AppsFlyer tracking by adjusting device settings (“Limit Ad Tracking” on iOS / “Opt Out of Ads Personalisation” on Android), or by contacting us to request suppression of tracking identifiers. This may limit our ability to attribute installs or purchases to campaigns;
(d) Targeted advertising delivered via third-party platforms;
(e) Data collection by uninstalling the GymGoer mobile application.

13. Cookies and Tracking Technologies

13.1 We may use cookies, pixels, SDKs, or similar technologies to enhance user experience, monitor usage, and deliver analytics.
13.2 Automatically collected information may include device identifiers, IP addresses, usage times, referral sources, in-app activity events, and browsing behaviours.
13.3 In particular, GymGoer integrates AppsFlyer SDK technology, which automatically collects device identifiers, referral URLs, advertising interactions, app open/install events, purchase event details (e.g., revenue, currency, product ID, order ID, quantity), and engagement data. This information is used to attribute installs and purchases, track referrals, detect fraud, and improve app performance.
13.4 Users may disable or limit certain tracking technologies through device or browser settings, but some features may be impaired.

14. Location Information

14.1 With your consent, we may use location services (e.g., GPS) to determine your current location for service-related features. You may revoke consent via your device settings at any time.

15. Third-Party Links and Integrations

15.1 The GymGoer platform may contain links to third-party websites or apps. We are not responsible for the privacy practices of these entities.
15.2 GymGoer does not store or process payment card information. All payments are processed securely by third-party providers such as Apple Pay and Stripe.
15.3 Where GymGoer integrates with third-party platforms such as AppsFlyer, Stripe, or Apple Pay, your data may be shared in accordance with their privacy policies, which you are encouraged to review.

16. Amendments to this Privacy Policy

16.1 GymGoer reserves the right to amend this Privacy Policy at any time. Amendments will be published on our website and will take immediate effect upon posting.