Privacy Policy

Last Updated: October 7, 2025

Welcome to Gravity4Apps. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our SaaS applications, platforms, websites, mobile applications, and related services. As a SaaS provider offering business management solutions, we are committed to protecting your privacy and ensuring transparency in our data practices.

Important Note: This policy applies to all Gravity4Apps SaaS applications and services. Depending on the specific application you use, the types of data collected may vary. Where our applications are used by businesses to manage their customers or end-users, those businesses act as data controllers, and we process data on their behalf as a data processor.

1. Information We Collect

1.1 Business Account Information

When you register for our SaaS platform, we collect:

  • Business information (company name, address, contact details)
  • Account credentials (username, email, password)
  • Billing and payment information (payment details, billing address)
  • User information (names, roles, email addresses of authorized users)
  • Communication preferences and support inquiries

1.2 End-User Information (Processed on Behalf of Our Customers)

Our platforms enable businesses to manage their customers or end-users. Depending on the application, this may include:

  • Personal details (name, email, phone number, date of birth, gender)
  • Membership or subscription information (account type, start/end dates, payment history)
  • Service-specific data (appointments, bookings, schedules, preferences)
  • Attendance or usage records and activity tracking
  • Payment and billing information
  • Photos or profile images (if uploaded)
  • Communication history and preferences
  • Health or fitness data (where applicable, such as in wellness or gym management applications)

1.3 Automatically Collected Information

When you use our platforms, we automatically collect:

  • Device information (IP address, browser type, operating system, device ID)
  • Usage data (features accessed, pages viewed, time spent, actions performed)
  • Log files and technical data (error logs, system performance metrics)
  • Cookies and similar tracking technologies
  • Location data (if permitted and relevant to the application features)

1.4 Integration Data

If you connect our platforms with third-party services (payment processors, marketing tools, accounting software, communication platforms), we may receive data from these integrations as necessary to provide our services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

  • Provide and maintain our SaaS platforms and applications
  • Process user registrations, renewals, and account management
  • Handle bookings, scheduling, and resource management
  • Process payments, subscriptions, and billing
  • Enable access control and user authentication features
  • Send transactional communications (receipts, confirmations, account updates)

2.2 Platform Improvement

  • Analyze usage patterns to improve features and user experience
  • Develop new features and functionality
  • Conduct research and analytics on platform performance
  • Monitor and optimize system performance and reliability

2.3 Communication and Support

  • Provide customer support and respond to inquiries
  • Send important notices about service updates, maintenance, or policy changes
  • Send marketing communications about new features or services (with consent)
  • Conduct surveys and gather feedback

2.4 Security and Compliance

  • Detect, prevent, and address security issues, fraud, or unauthorized access
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and protect our rights
  • Maintain audit logs for security and compliance purposes

3. Data Controller vs. Data Processor

It's important to understand our role in handling different types of data:

We Act as a Data Controller for:

  • Business account holder information
  • Website visitor data and marketing communications
  • Billing and subscription information

We Act as a Data Processor for:

  • End-user information (controlled by our business customers)
  • Service-specific data (bookings, appointments, activities)
  • Usage and attendance records

When we process end-user data, we do so only on behalf of and according to the instructions of our business customers. End-users should contact the business they interact with directly regarding their personal data.

4. Sharing Your Information

We respect your privacy and do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating our platforms (cloud hosting providers like AWS or Google Cloud, payment processors like Stripe or PayPal, email service providers, analytics tools, customer support platforms)
  • Payment Processing: With payment gateways and financial institutions to process subscriptions, fees, and transactions
  • Integration Partners: With third-party services that you choose to integrate with our platforms (accounting software, marketing tools, communication platforms, etc.)
  • Legal Requirements: When required by law, court order, government regulation, or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
  • Within Your Organization: End-user data is accessible to authorized staff and administrators of the business account for operational purposes
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Security

As a SaaS platform handling sensitive business and personal information, we take data security extremely seriously. We have implemented comprehensive security measures including:

  • Encryption: All data is encrypted in transit (SSL/TLS) and at rest using industry-standard encryption protocols
  • Access Controls: Role-based access controls and multi-factor authentication for administrative accounts
  • Secure Infrastructure: Our platform is hosted on secure, SOC 2 compliant cloud infrastructure
  • Payment Security: PCI-DSS compliant payment processing; we do not store full credit card numbers
  • Regular Audits: Periodic security assessments, vulnerability scanning, and penetration testing
  • Data Backups: Regular automated backups with disaster recovery procedures
  • Employee Training: All staff undergo security awareness and data protection training
  • Monitoring: 24/7 system monitoring for suspicious activity and security threats

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information based on the following criteria:

  • Active Accounts: Data is retained for the duration of your active subscription
  • Inactive Accounts: After account termination, data is retained for 90 days to allow for reactivation, then securely deleted or anonymized
  • Financial Records: Billing and payment information is retained for 7 years to comply with tax and accounting regulations
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes (e.g., dispute resolution, fraud prevention)
  • Backup Systems: Data in backup systems is retained according to our backup retention schedule (typically 30-90 days) and then permanently deleted

Business account holders are responsible for managing their own data retention policies for end-user information stored in our platforms.

7. Your Rights and Choices

7.1 For Business Account Holders

You have the right to access, review, and update your account information at any time through your admin dashboard or by contacting our support team.

7.2 For End-Users

If you are an end-user of a business using our platform, please contact that business directly to exercise your data rights. The business is the data controller for your information. We process this data on their behalf.

7.3 Data Deletion

You have the right to request the deletion of your personal data:

For Business Account Holders:

To delete your account and all associated data:

  1. Via Email: Send a request to [email protected] with the subject "Account Deletion Request"
  2. Contact Form: Use our contact form and select "Account & Data Deletion" as the topic

Important: Deleting your business account will permanently remove all business data, end-user records, and historical information. This action cannot be undone. You will have 30 days to export your data before permanent deletion.

For End-Users:

Contact the business you interact with directly to request deletion of your data. You can also:

  1. Use the self-service portal if the business has enabled data management features
  2. Email us at [email protected] and we will forward your request to the appropriate business

We will process deletion requests within 30 days. Certain information may be retained as required by law or for legitimate business purposes (e.g., financial records, fraud prevention).

7.4 Data Export and Portability

Business account holders can export all their data at any time:

  • User lists and profiles (CSV, Excel formats)
  • Activity records and usage history
  • Financial reports and payment history
  • Use the "Export Data" feature in your admin dashboard

7.5 Marketing Communications

You may opt out of receiving promotional communications from us by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us directly at [email protected]

Note: Even if you opt out of marketing communications, you will still receive important transactional emails (billing notifications, service updates, security alerts).

8. Sensitive Information and Industry-Specific Data

Depending on the specific application, our platforms may store sensitive or industry-specific information. Please note:

  • We implement appropriate security measures to protect all sensitive information
  • Business account holders are responsible for determining their obligations regarding sensitive data collection and use
  • We recommend obtaining appropriate consent before collecting sensitive personal information
  • For health-related applications: We are generally not a HIPAA-covered entity unless specifically contracted as such
  • End-users should consult with the business they interact with regarding how their sensitive information is used

9. Children's Privacy

Our platforms may be used by businesses that serve minors (under 18 years old):

  • Our services are not directed to children under 13 without parental consent
  • Business account holders are responsible for obtaining appropriate parental consent for minor end-users
  • Parents/guardians should contact the relevant business to exercise rights on behalf of their children
  • We process minor end-user data only as instructed by the business (data controller)
  • If you believe we have collected information from a child without proper consent, contact us immediately at [email protected]

10. International Data Transfers

As a global SaaS platform, your information may be transferred to and processed in countries other than your country of residence. We ensure data protection through:

  • Hosting data in certified data centers that comply with international security standards
  • Using Standard Contractual Clauses (SCCs) for transfers outside the EEA
  • Ensuring all third-party processors meet adequate data protection requirements
  • Implementing appropriate technical and organizational safeguards
  • Complying with GDPR, CCPA, and other applicable data protection regulations

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and provide essential platform functionality:

11.1 Types of Cookies We Use

  • Analytics Cookies: Provide insights into how users interact with our platform (Google Analytics, etc.)

11.2 Managing Cookie Consent

You can modify your cookie settings at any time by clicking Consent Preferences. This will allow you to revisit the cookie consent banner and update your preferences or withdraw your consent immediately. Alternatively, a floating button is available in the bottom left corner of the screen for you to change your preferences at any time.

12. Third-Party Services and Integrations

Our platforms may integrate with third-party services chosen by business account holders:

  • Payment processors (Stripe, Razorpay)
  • Email marketing platforms (Mailjet)
  • Communication tools (SMS gateways, WhatsApp messaging)
  • Industry-specific integrations

When you use these integrations, you are also subject to their privacy policies. We recommend reviewing their policies to understand how they handle your data.

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users and relevant authorities in accordance with applicable laws. Notifications will include the nature of the breach, the data affected, and steps we are taking to address the situation.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to business account holders
  • Displaying an in-app notification when you log in
  • For significant changes, requiring explicit acceptance before continued use

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Continued use of our platforms after changes constitutes acceptance of the updated policy.

15. Your Responsibilities as a Business Account Holder

If you are a business using our platforms, you have responsibilities as a data controller:

  • Obtain appropriate consent from end-users before collecting their personal information
  • Provide end-users with your own privacy notice explaining how their data will be used
  • Ensure you have a legal basis for processing end-user data (consent, contract, legitimate interest)
  • Respond to end-user data rights requests (access, deletion, correction) promptly
  • Implement appropriate security measures for end-user data
  • Only grant platform access to authorized staff members
  • Comply with applicable data protection laws in your jurisdiction
  • Notify us immediately if you become aware of any security incidents

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Gravity4Apps Privacy Team

Email: [email protected]

Contact Form: Submit a Privacy Inquiry

We aim to respond to all privacy-related inquiries within 48 hours.