Privacy Policy

Last updated: February 23, 2026

1. Introduction

Welcome to Admitto ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at admitto.net and related services.

Admitto is a cloud-based SaaS platform for managing gyms, spas, wellness centers, and hotels. This policy applies to all users of our services, including business administrators, staff members, and end-user members.

2. Data Controller

Admitto, operated from Serbia, is the data controller responsible for your personal data.

Contact email: hola@admitto.net
Website: https://admitto.net

3. Data We Collect

We collect and process the following categories of personal data:

Account Information: Name, email address, phone number, and login credentials when you create an account.

Business Data: Business name, address, type (gym, spa, hotel, wellness center), configuration settings, and staff information provided by business administrators.

Member Data: Name, email, phone number, membership details, check-in history, QR code identifiers, and profile photos uploaded by or on behalf of members.

Usage Data: IP addresses, browser type, device information, pages visited, and interaction patterns with our platform.

Media Content: Photos, logos, gallery images, and videos uploaded through our platform, stored via Bunny CDN (bunny.net).

Communication Data: Messages sent through our contact forms, support requests, and email correspondence.

4. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery: To provide our gym, spa, wellness, and hotel management platform, including member check-in, booking management, and notifications.
Account Management: To create and manage user accounts, authenticate users via JWT tokens, and maintain security.
Communication: To send transactional emails (account verification, password resets, booking confirmations) through our email service provider SendGrid.
Real-time Notifications: To deliver WebSocket-based notifications for check-ins and business events.
Analytics: To provide business administrators with usage statistics and check-in analytics for their facility.
Platform Improvement: To improve our services, fix bugs, and develop new features.
Legal Compliance: To comply with applicable laws and regulations.

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to deliver our services under our Terms of Service.
Legitimate Interests: Platform improvement, security, and fraud prevention.
Consent: Where you have given explicit consent, such as for marketing communications.
Legal Obligation: Where processing is required by law.

6. Data Sharing and Third Parties

We share your data with the following categories of third-party service providers:

Bunny CDN (bunny.net): We use Bunny CDN for media storage and delivery. Uploaded images, logos, gallery photos, and videos are stored on Bunny CDN servers. Media is organized per business and served via admitto-media.b-cdn.net.

SendGrid (Twilio): We use SendGrid for transactional email delivery, including account notifications, password resets, and booking confirmations.

Hosting Providers: Our backend infrastructure is hosted on secure servers to ensure data availability and performance.

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

7. Cookies and Tracking

Our platform uses essential cookies necessary for the functioning of the service, including:

Authentication Cookies: To maintain your logged-in session via JWT tokens.
Preference Cookies: To remember your language selection and display preferences.

We do not use third-party advertising or tracking cookies on our landing page. The business dashboard and mobile applications use the minimal cookies required for functionality.

8. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:

Active Accounts: Data is retained for the duration of your account or business subscription.
Inactive Accounts: Data may be retained for up to 24 months after account deactivation for reactivation purposes.
Legal Requirements: Some data may be retained longer to comply with legal obligations.
Anonymized Data: Aggregated, anonymized analytics data may be retained indefinitely.

Business administrators can request data deletion through their dashboard or by contacting us directly.

9. Multi-Tenant Data Isolation

Admitto operates a multi-tenant architecture where multiple businesses share the same infrastructure. We implement strict data isolation measures:

• Each business's data is segregated using unique business identifiers.
• Business administrators can only access data belonging to their own organization.
• Staff members have role-based access limited to their assigned business.
• Members can only access their own profile and check-in history.

These measures ensure that no business can access another business's data.

10. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing: Request limitation of how we process your data.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hola@admitto.net. We will respond within 30 days.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encrypted data transmission (HTTPS/TLS).
• JWT-based authentication with secure token handling.
• Role-based access control (RBAC) across all user types.
• Regular security reviews and updates.
• Secure database hosting with access controls.

12. International Data Transfers

Our primary infrastructure is located in Europe. When data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent protections as required by GDPR.

13. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hola@admitto.net and we will take steps to delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: hola@admitto.net
Website: https://admitto.net