This Privacy Policy applies to the business-facing version of FirstRep used by gyms, fitness studios, and similar businesses.

It covers information we collect directly from business customers and authorized staff users, as well as personal data processed on behalf of gym customers through the service.

We use information to operate and improve FirstRep for Gyms.

• • Provide, secure, and support the service
• • Manage subscriptions, billing, and account administration
• • Maintain analytics, dashboards, and product performance
• • Communicate about service updates, security, and support
• • Comply with legal obligations and enforce our terms

For gym business account information, FirstRep generally acts as a controller because we determine how that account and billing information is used to operate the service.

For member and staff personal data submitted by a gym through the platform, the gym customer is the controller and FirstRep acts as a processor or service provider on the customer's behalf.

Gym customers are responsible for obtaining any notices, consents, and permissions required to use the platform lawfully.

We may share information only as needed to operate the service.

• • With hosting, infrastructure, analytics, and support providers
• • With payment processors for billing administration
• • To comply with law, regulation, or valid legal requests
• • To protect the rights, safety, security, and integrity of FirstRep, our customers, and end users

We maintain administrative, technical, and organizational safeguards designed to protect information processed through the service.

• • Encryption in transit and appropriate access controls
• • Internal authentication and permission management
• • Monitoring, logging, backups, and recovery processes
• • Staff confidentiality and security practices

No platform can guarantee absolute security, but we take commercially reasonable steps to protect the data entrusted to us.

Customer data is primarily stored and processed in Nigeria or in infrastructure selected by FirstRep and its service providers.

Where data is transferred across borders, we use appropriate safeguards and contractual protections required by applicable law.

We retain data while an account is active and for a reasonable period after termination to support account closure, dispute resolution, legal compliance, and operational continuity.

After termination, we may delete or anonymize customer data unless retention is required by law, contract, backup cycles, or legitimate security and compliance needs.

Authorized gym customers may request access, correction, export, or deletion of business account information we control, subject to legal and operational limitations.

If a member or staff person wants to exercise rights over data submitted by a gym through the service, that request should usually be directed first to the relevant gym, which controls that data.