ZymHop Privacy Policy

For purposes of this Policy, the following terms have the meanings given below (as derived from applicable Indian data protection laws):

• "AltGym Private Limited" operating under the brand name ZymHop, shall hereinafter be referred to as "ZymHop". The term ZymHop shall be deemed to include AltGym Private Limited.
• "Personal Data" refers to any data about an individual who can be identified from that data, either directly or indirectly. This includes data such as name, contact information, profile details, location data, and any other information that relates to an identifiable individual.
• "Sensitive Personal Data" (also called Sensitive Personal Information under the IT Act 2000 and its Rules) includes a subset of personal data that carries greater privacy sensitivity. Under the IT Act's Rules, examples of Sensitive Personal Data include financial information (such as credit/debit card or bank account details), health and medical records, biometric data, passwords, sexual orientation, and similar categories.
• "Data Principal" means the individual to whom the personal data relates. This includes customers, users, or any individual whose personal information we process.
• "Data Fiduciary" means any person or entity (including Zymhop) that, alone or in conjunction with others, determines the purpose and means of processing personal data.
• "Data Processor" means any person or entity who processes personal data on behalf of a Data Fiduciary and under its instructions (e.g., third-party service providers, payment gateways, analytics providers, etc.).
• "Processing" of personal data encompasses any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organizing, storage, retrieval, use, dissemination, disclosure, or destruction.
• "Consent" means any freely given, specific, informed and unambiguous indication of the Data Principal's wishes by which they, by a statement or clear affirmative action, signify agreement to the processing of personal data for a specific purpose.

This Privacy Policy applies to the processing of personal data collected through Zymhop's digital platforms (website and mobile app) and related services. It explains:

• The categories of data we collect from customers (B2C) and gym partners (B2B).
• The purposes for which we use that data and the legal bases for processing.
• How we share data with third parties and partners.
• Our use of cookies and analytics tools.
• Data retention, security measures, and how data is deleted.
• Cross-border data transfer policies, if any.
• The rights of data principals (users) including access, correction, deletion, and consent withdrawal.
• Special provisions for sensitive data and data of minors/children.
• Our grievance redress mechanism and dispute resolution process.
• How we update this Policy and notify users of changes.
• Contact details for the Grievance Officer.

We handle all personal data in compliance with Indian data protection laws. Specifically, Zymhop conforms to the requirements of the IT Act 2000 (including the SPDI Rules, 2011) and the DPDP Act, 2023.

We use the collected data for multiple purposes, all in accordance with Indian law:

• Service Provision and Operations: To create and manage your Zymhop account; to process and fulfill your bookings for gym classes, equipment, or sessions; to enable gym access generating OTP to validate the session for entry and to manage membership or subscription payments.
• Personalization: To provide personalized fitness recommendations, tailor class suggestions, and match you with suitable gym partners based on your preferences and goals.
• Analytics and Improvement: To perform data analytics (on a personal or aggregate level) in order to improve our Service. This includes analyzing user behavior and feedback to optimize the app/website, fix bugs, and develop new features.
• Marketing and Communications: With your explicit consent, Zymhop may send you promotional messages, newsletters, discounts, and marketing content about Zymhop services.
• Legal and Security Compliance: To comply with legal obligations, enforce our Terms of Service, and protect against fraud and security risks.

All data uses are bound by the principles of purpose limitation and data minimization set out in the DPDP Act. We will only use your personal data for purposes explicitly described in this Policy or that you consented to.

Under Indian law DPDP Act 2023 and the IT Act Rules:

• Consent: The primary legal basis for processing customer personal data is your consent. At registration and certain points of interaction, you are asked to consent to this Privacy Policy and the processing of your data.
• Contractual Necessity: Certain processing is necessary to perform the contract between you and Zymhop/its partners (e.g., booking and delivering gym services).
• Legitimate Interests: In limited cases (such as improving the Service, preventing fraud, or maintaining security), we process data based on our legitimate interests.
• Legal Obligations: We may process data to comply with legal obligations (e.g., accounting and taxation records retention, responding to lawful subpoenas).

Under the DPDP Act, you have specific rights as a Data Principal. Zymhop respects these rights and provides mechanisms to exercise them:

• Right to Access / Confirmation: You have the right to know what personal data Zymhop holds about you and how it is being processed.
• Right to Correction / Update: You can correct or update your personal data (e.g., change address, update preferences) at any time by editing your profile in the app/website or by contacting support.
• Right to Withdraw Consent: You may withdraw your consent at any time (for all or specific processing operations) by adjusting your account settings or contacting us.
• Right to Data Portability: As allowed under DPDP, you have the right to receive your personal data in a structured, commonly used format.
• Right to Object/Restrict Processing: You may object to our processing of your personal data where processing is based on legitimate interests or for direct marketing.
• Right to Grievance Redressal: If you have any complaints about our handling of your data, you can first contact Zymhop's Grievance Officer.

To exercise any of the above rights, please contact us through the methods listed below. We will verify your identity before responding to any request, to protect your privacy.

All personal data collected by Zymhop is stored on servers located in India. As of now, Zymhop does not routinely transfer customer data outside India. If, in the future, data processing involves transfer to a third country (e.g., to use an overseas analytics service or backup location), we will ensure it complies with DPDP requirements. Under the DPDP Act, cross-border transfers are allowed only with appropriate safeguards (such as standard contractual clauses) and only to countries not blacklisted by the government.

Zymhop has established a multi-tiered mechanism to address any data privacy grievances:

You can submit a complaint in writing or via email. We will acknowledge receipt and work to resolve it, typically within 30 days (or as prescribed by law).

Zymhop may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or user feedback. When significant changes occur, we will take the following steps to inform you:

• Notice of Update: We will post the updated Policy on our website/app with a new effective date.
• Consent for Material Changes: For substantial changes (e.g., new processing purposes, sharing with new categories of third parties), we will require users to acknowledge the updated Policy.
• Granular Updates: Non-material or clarifying edits such as stylistic updates or departmental changes may be made at any time without prior consent, though we will still update the effective date.

If you have any questions about this Privacy Policy, data practices, or your privacy rights, please contact Zymhop at:

You may also reach out via mail to the address provided or call our support line. We will respond to verifiable requests in accordance with law.