Privacy Policy

Last Updated: February 14, 2026

1club EOOD (“1club,” “we,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our gym management software at 1club.ai, 1club.me, and our mobile apps (the "Service").

1. Our Role: Controller vs. Processor

  • As a Data Controller: 1club is the "Controller" for data belonging to Gym Owners and Staff. We determine how to use this data for billing, account management, and marketing our own services.
  • As a Data Processor: When a Gym uses our system to manage its Members (End Users), the Gym is the "Controller" and 1club is the "Processor." We process member data only on the Gym’s instructions. Gyms are responsible for their own privacy practices and for obtaining necessary consents (including parental consent) from their members.

2. Information We Collect

From Gym Owners (Customers)

  • Business Details: Business name, address, and contact information.
  • Staff Data: Names, emails, phone numbers, and assigned roles.
  • Business Configuration: Pricing structures, class schedules, and branding assets.
  • Payment Information: Processed securely by Stripe; we do not store full card numbers.

From Gym Members (End Users)

  • Profile Data: Name, email, phone number, age, and date of birth.
  • Activity Data: Booking and attendance records, and membership status.
  • Account Origin: Whether the member joined via a specific gym portal or the 1club marketplace.
  • Preferences: Member notes and specific profile settings.

Automatically Collected Data

  • Technical Data: IP address, device type, browser type, and location data (with mobile app permission).
  • Usage Data: Pages visited, features used, and time spent on the platform.
  • Cookies: We use cookies for essential functionality, analytics, and marketing. Full details are in our Cookie Policy.

3. Children's Privacy

Parents May Create Accounts for Children: Parents and guardians can create and manage accounts for their children, including those under 13.

  • Gym Responsibility: If you are a gym owner, you must obtain proper parental consent for minors and comply with COPPA (US), GDPR (EU), and local children's privacy laws.
  • Parental Rights: Parents can review, correct, or delete their child's data at any time by contacting the gym or emailing support@1club.ai.
  • Limited Data for Minors: We only collect name, age, parent contact, and necessary membership info. We do not market to minors or share their data for advertising.
  • Automatic Deletion: If we inadvertently collect data from a child under 13 without parental consent, we will delete it immediately.

4. How We Use Your Information (Legal Basis)

We only process data when we have a valid legal reason under GDPR:

  • To Provide the Service (Contractual Necessity): Managing accounts, processing payments, enabling bookings/scheduling, and facilitating integrations (Stripe, Google, etc.).
  • To Improve the Service (Legitimate Interests): Analyzing usage patterns with aggregated/anonymized data, developing new features, and optimizing performance.
  • To Communicate (Consent/Contract): Sending service notifications, responding to support requests, and sending marketing (which you can opt out of).
  • Legal Obligation: Complying with Bulgarian tax and accounting laws.

5. How We Share Your Information

We DO NOT sell your personal data. We share data only as follows:

ProviderPurposeLocation
Heroku (Salesforce)Cloud Hosting & InfrastructureUSA
StripePayment Processing & BillingGlobal
HubSpotCRM & Customer ManagementUSA
Google WorkspaceInternal Communications & ProductivityUSA
Twilio SendGridTransactional Email DeliveryUSA
IntercomCustomer Support Chat & MessagingUSA

We May Also Share When:

  • Required by Law: For legal processes or to protect safety and rights.
  • Business Transfers: In connection with a sale, merger, or acquisition.
  • Your Gym: If you are a Member, your data is shared with your gym (the Controller).

6. International Data Transfers

Since our infrastructure (Heroku) and several partners are based in the United States, your data will be transferred outside the EEA. To ensure protection, we use Standard Contractual Clauses (SCCs) approved by the European Commission with our US-based providers.

7. Communication Disclaimer

1club does not email gym members directly for marketing. All notifications (class signings, welcome emails) are initiated by the Gym using our system. The Gym is responsible for ensuring they have the legal right to contact their members.

8. Data Retention & Security

  • Retention: Data is kept while your account is active. Upon closure, data is deleted within 90 days (backups within 180 days).
  • Legal Exception: Financial records (invoices) are kept for 10 years per Bulgarian law.
  • Security: We use TLS/SSL encryption and regular monitoring. If a breach occurs, we will notify affected users within 72 hours.

9. Your Privacy Rights

Under GDPR (EU/UK) and CCPA (California), you have the right to:

  • Access and Export: Request a copy of your data.
  • Correct and Delete: Request updates or deletion of your information.
  • Object/Restrict: Opt-out of marketing or restrict data processing.
  • Non-Discrimination: California users will not be discriminated against for exercising these rights.

10. General Provisions

  • Third-Party Links: We are not responsible for the privacy practices of linked sites (Stripe, Google, etc.).
  • Changes: We provide 30 days' notice for material changes to this policy.

Contact Us:

Email: support@1club.ai

Address: 10 Tsar Osvoboditel Blvd., 3rd floor, 1000 Sofia, Bulgaria.