Privacy Policy

Last updated:

1. Introduction

LakasHub ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use our gym membership and POS system.

2. Information We Collect

Personal Information (provided by you or your gym)

  • Full name, email address, mobile number, gender, birthday, address, and profession
  • Profile photos (captured or uploaded during registration)
  • RFID card identifiers linked to your account
  • Login credentials (passwords are stored only as one-way hashes and are never visible to anyone)

Business & Operational Data

  • Gym branch information (name, location, contact number)
  • Membership plan assignments, start and end dates
  • Payment transactions (amount, method of payment, reference numbers)
  • Check-in/check-out timestamps and RFID door access logs
  • Class enrollments and facility bookings
  • Payment proof files (receipt images or PDFs uploaded during transactions)

Information We Do NOT Collect

  • Credit card or bank account numbers (we do not process card payments directly)
  • Biometric data beyond optional profile photos
  • Location tracking or GPS data

3. How We Use Information

  • Authenticate users via secure API tokens (sessions expire after 8 hours of inactivity)
  • Validate membership status for RFID check-in and door lock access
  • Process payments and generate receipts
  • Send password reset emails when requested
  • Send booking confirmations and contact form responses
  • Generate financial reports and dashboards for gym owners and managers
  • Track attendance history for member and branch analytics

4. Third-Party Services

We do not sell, rent, or trade personal data. We use the following third-party services to operate the platform:

  • Email provider (SMTP) — for sending password reset links, booking confirmations, and contact form responses
  • Pusher (optional) — for real-time check-in notifications and booking updates displayed on lobby monitors. Only member name, plan status, and photo are transmitted.

We do not use third-party analytics, advertising networks, or tracking pixels.

5. Data Storage & Retention

  • Data is stored on secured servers with access restricted to authorized personnel
  • Profile photos are stored on the application server in a protected directory
  • Excel files uploaded for bulk member import are deleted immediately after processing
  • All other data is retained as long as the gym's account is active
  • Upon account termination, data can be exported and then deleted upon written request

6. Your Rights

You may request to:

  • Access or receive a copy of your personal data
  • Correct inaccurate information
  • Delete your account and associated data (member deletion cascades to related records)
  • Reset your password at any time via the login page

Contact support@lakashub.com to exercise these rights.

7. Security

  • Passwords are hashed using bcrypt (an industry-standard one-way password hashing function)
  • API authentication uses secure tokens with 8-hour expiration
  • RFID door devices authenticate via unique API keys per device
  • Session cookies use the HttpOnly and SameSite flags to prevent cross-site attacks
  • Password reset tokens expire after 24 hours

No system is 100% secure. We recommend using strong, unique passwords and keeping your login credentials private.

8. Children

Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child's data has been collected, contact us for immediate removal.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top will be revised, and material changes will be communicated via email to account holders.

10. Contact

For privacy questions or data requests, contact us at support@lakashub.com or call 09566204042.