This Privacy Policy ("Policy") describes how True Grit Fitness LLC ("we," "us," or "our"), located at 6400 Irvine Blvd, Irvine, CA 92620, collects, uses, discloses, and protects your personal information ("Personal Data") in connection with our website, memberships, classes, and services ("Services"). We are committed to complying with applicable laws, including the General Data Protection Regulation (GDPR) for EU residents and the California Consumer Privacy Act (CCPA) for California residents. By using our Services, you consent to the practices described herein. Effective: October 16, 2025.
We collect Personal Data directly from you when you register for membership, sign up for classes, subscribe to newsletters, or interact with our website. This may include: name, email address, phone number, mailing address, payment information, fitness goals, health data (e.g., medical conditions, allergies), and usage data (e.g., class attendance, equipment logs). We also collect non-personal data such as IP address, browser type, and device information via cookies or similar technologies. Health data is collected only with your explicit consent for personalized training programs and is treated as sensitive under GDPR/CCPA. We do not knowingly collect Personal Data from children under 13 without parental consent, in compliance with COPPA.
We use your Personal Data to: (i) administer memberships and process payments; (ii) schedule and manage classes; (iii) provide personalized fitness recommendations and communications (e.g., newsletters, progress updates); (iv) improve our Services through analytics; and (v) comply with legal obligations. We do not sell, trade, or otherwise transfer your Personal Data to third parties for their marketing purposes without your consent. Sharing occurs only with service providers (e.g., payment processors, email platforms) under strict confidentiality agreements, or as required by law (e.g., subpoenas). Under CCPA, California residents have the right to opt-out of any "sales" of Personal Data, though we do not engage in such sales.
We implement reasonable administrative, technical, and physical safeguards to protect your Personal Data from unauthorized access, loss, misuse, or alteration, including encryption (e.g., SSL for transmissions), access controls, and regular security audits. Payment information is processed through secure third-party gateways and not stored on our servers. Despite these measures, no system is completely secure, and we cannot guarantee absolute security. In the event of a data breach, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR, or as per CCPA timelines). You are responsible for maintaining the confidentiality of your account credentials.
Depending on your location, you may have rights under GDPR, CCPA, or other laws to: (i) access, correct, or delete your Personal Data; (ii) object to or restrict processing; (iii) withdraw consent; (iv) receive data in portable format; or (v) opt-out of automated decision-making. California residents may also request disclosure of data sales/sharing or opt-out thereof. To exercise these rights, contact us at info@truegritgym.com with verification of identity. We respond within 45 days (extendable under law). We do not discriminate against users exercising these rights. For EU residents, our Data Protection Officer can be reached at the same email.
We may update this Policy periodically to reflect changes in our practices or legal requirements, effective upon posting on our website with the "Last Updated" date. Significant changes will be notified via email or prominent notice. Continued use of Services after updates constitutes acceptance. For questions, contact us at info@truegritgym.com. This Policy is governed by California law. Last updated: October 16, 2025.