Good Climbs Inc. ("Good Climbs", "we", "us") respects your privacy. This Privacy Policy describes what information we collect when you register for an account, visit our gym, or interact with our website, and how we use, share, and protect that information. By creating an account or using our services, you agree to the practices described below.
What we collect
We collect only what we need to operate the gym, keep you safe, and give you a usable membership.
- Identity & contact details: full name, email address, mobile number, date of birth, and emergency contact information.
- Membership data: shoe size (for rentals), RFID keyfob ID, passes purchased, sessions checked in, bookings, and resoling orders.
- Payment data: transaction records (amount, method, time). Payment card details are processed by our payment partners — we do not store full card numbers.
- Waiver record: the date and time you signed the liability waiver and a copy of your handwritten signature image.
- Account photo: if you let staff capture an ID photo at registration, that image is stored on your member profile.
- Usage data: basic logs of your visits, pass redemptions, and waitlist activity needed to run the gym.
How we use it
- To verify your identity at check-in and grant access to the gym.
- To sell passes, manage bookings, and run the resoling queue.
- To notify you about your waitlist position, account changes, or time-sensitive operational updates via SMS or email.
- To respond to emergencies and provide basic first aid.
- To comply with our legal obligations under Philippine law (including BIR-mandated sales records for tax purposes).
- To investigate misuse, fraud, or breaches of our House Rules.
Marketing & community media
Photos and videos taken in the gym may be used by Good Climbs for community and marketing purposes, as described in the Terms & Conditions and the liability waiver you signed at registration. You may withdraw your consent for future use at any time by emailing privacy@goodclimbs.ph. We will make reasonable efforts to remove or anonymise images of you in materials we control going forward, but cannot guarantee retroactive removal from materials already published by third parties.
Who we share with
We do not sell your personal information. We share it only with:
- Service providers that help us operate the gym — including our payment processors, SMS provider (Semaphore), and email provider (Resend) — strictly to deliver the service you requested.
- Government authorities where required by Philippine law (e.g. tax authorities, law enforcement with valid process).
- Successors in interest, in the event of a merger, acquisition, or sale of substantially all of our assets. We will notify you if a change of control affects how your data is handled.
How long we keep it
We keep your account data for as long as you have an active membership and for a reasonable period afterwards to settle outstanding matters and comply with our legal obligations. Specific retention windows applied by our systems:
- Sales records — at least seven (7) years for compliance and audit purposes; BIR-relevant audit-log entries are retained for at least ten (10) years per BIR record-keeping rules.
- Waiver records — retained for the life of the account and indefinitely after erasure for safety and legal-defense purposes.
- Check-in history — three (3) years; rows older than this window are automatically purged by a scheduled retention sweep.
- Resoling orders — two (2) years from the completion date; older completed orders are purged automatically.
- Waitlist entries — ninety (90) days from the served / removed date; older served entries are purged automatically.
- Email verification tokens and password reset tokens — purged seven (7) days after expiry (the tokens themselves are valid for 24 hours and 1 hour respectively).
- Account-claim tokens — valid for thirty (30) days; expired tokens are purged on the same sweep.
- Archived account profiles — retained until you submit a right-to-erasure request; the soft-archive itself is reversible by you or by gym staff. Hard-deletion (the irreversible erasure) is performed only on explicit request and only after archival.
Your rights
Under the Data Privacy Act of 2012 (Republic Act No. 10173), you have the following rights:
- Right to be informed — about the collection and processing of your data (this notice).
- Right to access — view what we hold about you. Sign in and visit My Profile, My Passes, My Receipts, My Activity, and My Calendar.
- Right to data portability — download a machine-readable copy of every record we hold about you at `/api/me/export.json` (member sign-in required), or from the My Profile page.
- Right to correct — update your name, photo, phone, and emergency contact from My Profile. Email us for fields you can't edit yourself (date of birth, shoe size, RFID tag, email address).
- Right to object — opt out of marketing or community-media use by emailing us; opt out of transactional emails via account settings.
- Right to erasure or blocking — request deletion of your account where lawful. Sales and waiver records are retained per the section above.
- Right to be notified of a breach — see Security below.
- Right to lodge a complaint — with the National Privacy Commission at privacy.gov.ph.
To exercise any of these rights, contact us at privacy@goodclimbs.ph.
Photo capture & use
When you register — whether online or at the front desk — we capture and store a photo of you on your member profile. This photo is used to:
- identify you visually at check-in (the staff workstation surfaces it next to your name on every successful tap),
- confirm your identity during account claim (the `/claim/{token}` page shows your photo as the "is this you?" check before you set your password), and
- act as a forensic check during account recovery (when an admin issues a temporary password or sends a reset link in person, they verify the photo on file against the person at the desk).
You may request deletion of your stored photo under your right to erasure (see Your rights above). Deletion follows the same flow as full account erasure: email us at privacy@goodclimbs.ph and we will process the request within the period set by Good Climbs management.
Audit trail
Every staff- or admin-initiated change to your account — password reset, branch reassignment, temp-password issue, marketing opt-in flip, account claim, profile edit — is recorded in our audit log as required by RA 10173 record-keeping. The log captures the actor (the staff/admin who performed the action), the time, and a non-sensitive summary of the change (we do not store cleartext passwords, for example). You can request a copy of the audit trail for your account at any time by emailing us.
Security
We use industry-standard safeguards — including encryption in transit, access control, and audit logging — to protect your information. No system is perfectly secure; we will notify affected members in the event of a personal data breach that creates a real risk of harm, as required by law.
Cookies
Our website uses essential cookies to keep you signed in and to remember UI preferences. We do not use cookies for cross-site advertising tracking.
Children
Our online services are not directed at children under 13. Members under 18 are welcomed but require a co-signed waiver from a parent or guardian at the front desk.
Changes to this policy
We may update this policy as the gym evolves. Material changes will be announced on the website and, where appropriate, by email to active members. The "Last updated" date at the top reflects the most recent revision.
Contact
Questions or requests about this Privacy Policy can be sent to privacy@goodclimbs.ph.