← Back to home

Privacy Policy

Last updated: April 5, 2026

1. Introduction

GymClaim ("ClaimMyGym," "we," "us," or "our") operates the website at www.claimmygym.com and associated applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our gym reimbursement filing assistant service. Because our service handles insurance and health-related data, we take your privacy extremely seriously.

By using GymClaim, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Information We Collect

We collect the following categories of information to provide and improve our service:

2.1 Personal Information

  • Full name and email address
  • Account credentials (passwords are hashed and never stored in plaintext)
  • Contact information you voluntarily provide

2.2 Insurance and Health-Related Data

  • Insurance card images uploaded for plan identification and benefit analysis
  • Insurance plan details extracted from card scans (carrier, member ID, group number)
  • Gym membership information and visit logs
  • Reimbursement claim details, including amounts and submission history

2.3 Usage and Device Data

  • Browser type, operating system, and device information
  • IP address and approximate geographic location
  • Pages visited, features used, and interaction patterns
  • Referring URLs and session duration

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Claim Generation: Processing your insurance card images and gym visit data to generate reimbursement claim forms on your behalf.
  • Benefit Analysis: Analyzing your insurance plan details to identify eligible fitness benefits and estimate potential reimbursements.
  • Service Improvement: Understanding usage patterns to improve accuracy, performance, and user experience.
  • Communication: Sending service-related notifications such as claim status updates, account alerts, and product announcements (with your consent).
  • Legal Compliance: Fulfilling legal obligations and responding to lawful requests.

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is stored in Supabase with encryption at rest (AES-256) and in transit (TLS 1.3).
  • Insurance card images are encrypted before storage and are automatically purged after claim processing is complete, unless you choose to retain them.
  • Access to sensitive data is restricted through role-based access controls and multi-factor authentication for administrative access.
  • We conduct regular security assessments and maintain audit logs of data access.
  • Database backups are encrypted and stored in geographically separate locations.

While we strive to use commercially acceptable means to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Sharing

We limit sharing of your personal information to what is strictly necessary:

  • Claim Submission: When you authorize a claim, relevant information is shared with your insurance provider solely for the purpose of processing your gym reimbursement.
  • Service Providers: We use trusted third-party services (hosting, analytics, error tracking) that may process data on our behalf under strict contractual obligations.
  • Legal Requirements: We may disclose information if required by law, regulation, or valid legal process.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Deletion: Request deletion of your account and all associated data. Insurance card images and processed claim data will be permanently removed within 30 days of your request.
  • Right to Export: Request a machine-readable export of your data, including claim history and visit logs.
  • Right to Withdraw Consent: Withdraw your consent for data processing at any time, though this may affect your ability to use certain features.

To exercise any of these rights, contact us at claimmygym@gmail.com. We will respond to all legitimate requests within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for essential service functionality, authentication, and analytics. Specifically:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with the site (e.g., Vercel Analytics). These are only set with your consent.

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings. For more details, see our cookie consent prompt displayed on your first visit.

8. HIPAA and Health Data Considerations

GymClaim processes insurance-related and fitness data. While GymClaim is a consumer filing assistant and not a covered entity or business associate under HIPAA (the Health Insurance Portability and Accountability Act), we recognize the sensitive nature of this information and voluntarily adopt strong privacy safeguards inspired by HIPAA principles:

  • We apply the minimum necessary standard, collecting only the data required to process your reimbursement claims.
  • Insurance card images are processed for data extraction and are not retained longer than necessary.
  • Access to health-related data is strictly limited to authorized systems and personnel.
  • We maintain audit trails for access to sensitive health-related data.
  • All data handling follows encryption and access control standards consistent with HIPAA security requirements.

If your employer or insurance plan requires HIPAA-compliant handling of your data, please contact us to discuss your specific requirements.

9. Children's Privacy

GymClaim is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will also notify you via email or an in-app notification. Your continued use of GymClaim after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

← Back to homeTerms of Service →