Privacy Policy
Last updated: March 19, 2026
1. Introduction
Welcome to Admitto ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at admitto.net and related services.
Admitto is a cloud-based SaaS platform for managing gyms, spas, wellness centers, and hotels. This policy applies to all users of our services, including business administrators, staff members, and end-user members.
2. Data Controller
Admitto, operated from Serbia, is the data controller responsible for your personal data.
Contact email: hola@admitto.net
Website: https://admitto.net
3. Data We Collect
We collect and process the following categories of personal data:
Account Information: Name, email address, phone number, and login credentials when you create an account.
Business Data: Business name, address, type (gym, spa, hotel, wellness center), configuration settings, and staff information provided by business administrators.
Member Data: Name, email, phone number, membership details, check-in history, QR code identifiers, and profile photos uploaded by or on behalf of members.
Usage Data: IP addresses, browser type, device information, pages visited, and interaction patterns with our platform.
Media Content: Photos, logos, gallery images, and videos uploaded through our platform, stored via Bunny CDN (bunny.net).
Communication Data: Messages sent through our contact forms, support requests, and email correspondence.
4. How We Use Your Data
We use your personal data for the following purposes:
• Service Delivery: To provide our gym, spa, wellness, and hotel management platform, including member check-in, booking management, and notifications.
• Account Management: To create and manage user accounts, authenticate users via JWT tokens, and maintain security.
• Communication: To send transactional emails (account verification, password resets, booking confirmations) through our email service provider SendGrid.
• Real-time Notifications: To deliver WebSocket-based notifications for check-ins and business events.
• Analytics: To provide business administrators with usage statistics and check-in analytics for their facility.
• Platform Improvement: To improve our services, fix bugs, and develop new features.
• Legal Compliance: To comply with applicable laws and regulations.
5. Legal Basis for Processing
We process personal data where permitted by applicable law. We are operated from Serbia; depending on your situation, relevant rules may include Serbian personal data protection law and other laws that apply to you by virtue of location or role.
Typical grounds include: contract performance (providing the Service under our Terms), legitimate interests (security, fraud prevention, improving the platform—where not outweighed by your rights), consent where we ask for it (e.g. some marketing), and legal obligation where processing is required by law.
6. Data Sharing and Third Parties
We share your data with the following categories of third-party service providers:
Bunny CDN (bunny.net): We use Bunny CDN for media storage and delivery. Uploaded images, logos, gallery photos, and videos are stored on Bunny CDN servers. Media is organized per business and served via admitto-media.b-cdn.net.
SendGrid (Twilio): We use SendGrid for transactional email delivery, including account notifications, password resets, and booking confirmations.
Hosting Providers: Our backend infrastructure is hosted on secure servers to ensure data availability and performance.
We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.
7. Cookies and Tracking
Our platform uses essential cookies necessary for the functioning of the service, including:
• Authentication Cookies: To maintain your logged-in session via JWT tokens.
• Preference Cookies: To remember your language selection and display preferences.
We do not use third-party advertising or tracking cookies on our landing page. Business dashboard and mobile applications use minimal cookies required for functionality.
8. Data Retention
We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:
• Active Accounts: Data is retained for the duration of your account or business subscription.
• Inactive Accounts: Data may be retained for up to 24 months after account deactivation for reactivation purposes.
• Legal Requirements: Some data may be retained longer to comply with legal obligations.
• Anonymized Data: Aggregated, anonymized analytics data may be retained indefinitely.
Business administrators can request data deletion through their dashboard or by contacting us directly.
9. Multi-Tenant Data Isolation
Admitto operates a multi-tenant architecture where multiple businesses share the same infrastructure. We implement strict data isolation measures:
• Each business's data is segregated using unique business identifiers.
• Business administrators can only access data belonging to their own organization.
• Staff members have role-based access limited to their assigned business.
• Members can only access their own profile and check-in history.
These measures ensure that no business can access another business's data.
10. Your Privacy Rights
Depending on applicable law, you may have rights such as access to your personal data, correction, deletion or restriction of processing, objection to certain processing, data portability where provided by law, or withdrawal of consent where we rely on consent. The exact scope depends on your jurisdiction and whether you are acting as an individual or on behalf of an organization.
To make a request, contact us at hola@admitto.net. We will respond within a reasonable period and in line with applicable law.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
• Encrypted data transmission (HTTPS/TLS).
• JWT-based authentication with secure token handling.
• Role-based access control (RBAC) across all user types.
• Regular security reviews and updates.
• Secure database hosting with access controls.
12. International Processing and Transfers
We and our subprocessors (such as hosting, CDN, and email providers) may process or store personal data in Serbia and in other countries where those providers operate. Cross-border transfers are handled in accordance with applicable law and the measures we can reasonably use under our agreements with vendors—this is not a commitment that a specific foreign statute (such as EU GDPR) governs every processing activity in every case.
If you need details for your own compliance (e.g. vendor categories), contact us at hola@admitto.net.
13. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hola@admitto.net and we will take steps to delete such information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise privacy rights that may apply to you, please contact us:
Email: hola@admitto.net
Website: https://admitto.net