SaaS
Terms of Service.

GymSys offers the following monthly subscription plans, priced in euros and exclusive of any applicable value-added tax (VAT) or similar taxes:

• Starter — €29/month. Core membership management, QR-code access, up to [N members] active members, and standard support.
• Professional — €59/month. Everything in Starter, plus unlimited members, face-recognition access, advanced reporting, and staff-app access for up to [N staff seats].
• Business — €99/month. Everything in Professional, plus multi-location support, branded member app, priority support, and API access.
• Enterprise — €199/month. Everything in Business, plus a dedicated account manager, custom integrations, SLA negotiation, and volume pricing. Enterprise terms may be supplemented by a separate Order Form.

Fees may be changed by GymSys with at least 30 days’ written notice sent to the Customer’s registered email address. Continued use of the platform after the effective date of a price change constitutes acceptance of the new fees. If the Customer does not accept the new fees they must cancel before the effective date per Section 2.

Subscriptions are billed on a calendar-month basis, charged in advance on the same day of the month the subscription started (“Billing Date”). The first charge is collected at sign-up.

Auto-renewal. Subscriptions renew automatically each month using the payment method on file. GymSys will send a receipt to the Customer’s billing email within 24 hours of each successful charge.

Cancellation. The Customer may cancel at any time through the admin portal (“Settings → Subscription → Cancel plan”) or by emailing billing@gymatic.eu. Access continues until the end of the period already paid for; no prorated refund is issued for the remainder of the current billing period.

Failed payments. If a payment fails, GymSys will attempt to collect payment on the 3rd and 7th day after the original due date and notify the Customer by email. If payment remains outstanding after the 7th day, GymSys may suspend the Customer’s account in accordance with Section 5.

Taxes. Fees do not include VAT or similar taxes. If GymSys is required by law to collect such taxes, they will be added to the invoice. The Customer is responsible for all taxes applicable to their purchase in their jurisdiction.

GymSys operates the platform on a commercially reasonable, best-effort basis. We target high availability but do not offer a contractual service-level agreement (SLA) at current pricing tiers. No financial credits or remedies are due for downtime, latency, or data-access interruptions except as expressly agreed in a separate Enterprise Order Form.

We perform scheduled maintenance when usage is lowest (typically between 02:00 and 05:00 Central European Time) and will, where practicable, provide at least 24 hours’ notice in the admin portal or by email. Emergency maintenance may be performed at any time without prior notice.

GymSys does not control third-party services on which the platform depends (including Supabase, Oracle Cloud, Vercel, payment gateways, or push-notification providers) and accepts no liability for disruptions caused by them.

By subscribing to GymSys, the Customer warrants, represents, and undertakes the following obligations on an ongoing basis:

• Data accuracy. All information entered into the platform — including member names, contact details, plan configurations, pricing, and scheduled events — must be accurate, complete, and kept up to date. GymSys accepts no liability for errors arising from incorrect Customer-supplied data.
• Lawful processing basis. The Customer is the data controller for all personal data relating to its members. Before collecting and processing member data in GymSys, the Customer must have, and must maintain, a lawful basis under Regulation (EU) 2016/679 (GDPR) and applicable Slovak law (Act No. 18/2018 Coll. on Personal Data Protection). The Customer accepts sole responsibility for ensuring that its data-processing activities comply with these requirements.
• Member consent. Where required by applicable law — including for biometric (face) data processed under Art. 9 GDPR — the Customer must obtain freely given, specific, informed, and unambiguous written consent from each member before enrolling them in face-recognition access. Records of consent must be retained by the Customer for the duration of the membership and for a minimum of three years thereafter.
• CCTV and access-device signage. If the Customer deploys video surveillance (CCTV) or biometric access-control devices on its premises, it must display clear and conspicuous notices at all points of entry and in any areas covered by cameras, as required by the Office for Personal Data Protection of the Slovak Republic (ÚOOÚ SR) and applicable law.
• Authorised use. The Customer shall use the platform solely for lawful gym-management purposes and shall not permit access by individuals who are not authorised representatives of the organisation. The Customer is responsible for all actions taken under its account, including those of its staff.
• Account credentials. The Customer must keep its admin credentials confidential and notify GymSys immediately at security@gymatic.eu if it suspects unauthorised access to its account.

GymSys may, at its sole discretion, immediately suspend or terminate the Customer’s access to the platform, with or without prior notice depending on the severity of the cause, in any of the following circumstances:

• Non-payment. Any subscription fee remains unpaid more than seven (7) days after its due date following the failed- payment notification process described in Section 2.
• Abuse of the platform. The Customer or any of its users engages in conduct that, in GymSys’s reasonable judgement, materially threatens the security, performance, or integrity of the platform or the data of other customers — for example, automated scraping, credential stuffing, or intentional denial-of-service activity.
• Illegal use. The Customer uses the platform for any purpose that violates applicable law or regulation, including but not limited to unlawful processing of personal data, money laundering, or fraud.
• Material breach. The Customer commits a material breach of any provision of this Agreement and fails to remedy that breach within fourteen (14) days of receiving written notice from GymSys specifying the breach.

Upon suspension the Customer’s data is retained for thirty (30) days to allow the Customer to remedy the cause and request reinstatement or to export its data per Section 6. GymSys reserves the right to permanently delete the account and all associated data after that period.

GymSys is committed to ensuring that the Customer is never locked in to the platform against its will.

Export window. Following cancellation or termination of the subscription, the Customer may submit a written data-export request to support@gymatic.eu within thirty (30) calendar days. GymSys will, within ten (10) business days of receiving the request, provide a machine- readable export of the Customer’s data — including member records, membership history, payment transactions, and access logs — in CSV and/or JSON format as appropriate for each data type.

Post-window deletion. If no export request is received within the thirty-day window, or once a valid export has been delivered, GymSys will permanently delete all Customer data (including member personal data and biometric embeddings) from production systems in accordance with the retention schedule set out in the Data Processing Agreement (Section 9). Deletion from automated backup systems follows the backup rotation schedule, not to exceed ninety (90) days.

Biometric data. Face embeddings of the Customer’s members are deleted from all access devices and from GymSys servers within twenty-four (24) hours of account deactivation, regardless of whether a data export has been requested.

Cap on liability. To the fullest extent permitted by applicable law, GymSys’s total aggregate liability to the Customer arising out of or in connection with this Agreement — whether in contract, tort (including negligence), statutory duty, or otherwise — shall not exceed the total subscription fees actually paid by the Customer to GymSys in the twelve (12) calendar months immediately preceding the event giving rise to the claim.

Exclusion of consequential loss. In no event shall GymSys be liable to the Customer for any indirect, incidental, special, exemplary, punitive, or consequential damages, including but not limited to loss of profits, loss of revenue, loss of data, loss of goodwill, or cost of substitute services, even if GymSys has been advised of the possibility of such damages.

Exceptions. Nothing in this Agreement limits liability for: (a) death or personal injury caused by GymSys’s negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded or limited under applicable Slovak or EU law.

Customer indemnity. The Customer shall indemnify and hold harmless GymSys from any third-party claims, losses, damages, fines, or expenses (including reasonable legal fees) arising from the Customer’s breach of this Agreement, its failure to obtain required member consents, or its violation of any applicable law or the rights of any third party.

This Agreement and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Slovak Republic, without regard to its conflict-of- law provisions. Where mandatory EU law applies, it supersedes Slovak national law to the extent required.

Amicable resolution. The parties shall first attempt to resolve any dispute informally by notifying the other party in writing of the nature of the dispute and engaging in good- faith discussions for a period of thirty (30) days (“Resolution Period”). Either party may initiate formal proceedings if the dispute is not resolved within the Resolution Period.

Jurisdiction. Subject to the amicable-resolution obligation above, each party irrevocably submits to the exclusive jurisdiction of the competent courts of the Slovak Republic for the resolution of any dispute arising under or in connection with this Agreement. If the Customer is a consumer under applicable law, nothing in this clause limits any statutory rights the Customer may have to bring proceedings in another jurisdiction.

Because the Customer stores personal data relating to its members (including, where applicable, biometric face embeddings) on the GymSys platform, GymSys acts as a data processor and the Customer acts as the data controller within the meaning of the GDPR and Act No. 18/2018 Coll. on Personal Data Protection (Slovak Republic).

A Data Processing Agreement (“DPA”) — compliant with Art. 28 GDPR and incorporating the applicable EU Standard Contractual Clauses — is presented to the Customer during the onboarding process and must be accepted before the platform may be used to process member personal data. The DPA forms part of this Agreement and is incorporated herein by reference.

The current DPA is available at gymatic.eu/dpa. GymSys will notify the Customer of any material changes to the DPA at least thirty (30) days before the updated DPA takes effect. Continued use of the platform after the effective date constitutes acceptance of the revised DPA.

Questions about data processing, subject-access requests, or the DPA may be directed to privacy@gymatic.eu.