Onya App Tech LTD Print-on-Demand Clothing Service Terms and Conditions


ONYA APP PRIVACY POLICY


Effective Date: 04/02/2026

Last Updated: 04/02/2026





1. Introduction


Onya App Tech Ltd (“Onya”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.


This Privacy Policy explains how we collect, use, disclose, store and protect personal data when you use:


  • The Onya mobile application (the “App”);
  • The Onya web platform; and
  • Any related services provided by Onya (collectively, the “Services”).


This Privacy Policy is intended to comply with:


  • The UK General Data Protection Regulation (“UK GDPR”);
  • The EU General Data Protection Regulation (“EU GDPR”); and
  • Applicable data protection laws.


By using the Services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.




2. Identity of the Data Controller


Onya App Tech Ltd

United Kingdom

Email: support@onyaapp.io

Website: https://www.onyaapp.io



Data Protection Roles


Onya provides a software platform to independently owned and operated gyms.


Depending on the context:


  • Your gym acts as the Data Controller in respect of membership, attendance, performance and related data.
  • Onya acts as a Data Processor on behalf of the gym.
  • In limited circumstances (including platform analytics, support communications and account administration), Onya acts as a Data Controller.


If you are unsure who controls your data, please contact your gym in the first instance.




3. Categories of Personal Data Collected


We may collect and process the following categories of personal data:



3.1 Information You Provide Directly


  • Full name
  • Email address
  • Telephone number
  • Date of birth (if provided)
  • Profile photograph (optional)
  • Emergency contact details (if provided)
  • Class bookings and attendance records
  • Workout and performance data (including weights, repetitions and logged activities)
  • Rewards and milestone progress
  • In-app communications
  • Customer support enquiries


If merchandise or services are purchased:


  • Shipping address
  • Order details
  • Purchase history




3.2 Payment Information


Payments made through the Services are processed by Stripe, our third-party payment processor.


When you submit payment information:


  • Payment card details are collected and processed directly by Stripe.
  • Onya does not store full payment card numbers or security codes.
  • Onya may receive limited transaction-related information from Stripe (e.g., transaction ID, payment status, last four digits of card number) for reconciliation, fraud prevention and support purposes.


Stripe processes personal data in accordance with its own privacy policy and applicable data protection laws.




3.3 Automatically Collected Data


When you use the App, we may automatically collect:


  • Device type and model
  • Operating system and version
  • Application version
  • IP address
  • Usage data and feature interaction
  • Diagnostic and crash data


This information is used to maintain, secure and improve the Services.




3.4 Information Provided by Your Gym


Your gym may upload or manage additional information relating to:


  • Membership status
  • Attendance history
  • Performance metrics
  • Engagement statistics


Your gym determines the purposes and legal basis for processing such information.




4. Purposes of Processing


Personal data is processed for the following purposes:


  • Providing class booking and attendance management functionality
  • Enabling workout tracking and performance logging
  • Administering rewards and engagement features
  • Processing merchandise orders
  • Facilitating payments via Stripe
  • Providing customer support
  • Improving functionality and user experience
  • Ensuring platform security and fraud prevention
  • Complying with legal and regulatory obligations


We do not sell personal data to third parties.




5. Lawful Bases for Processing


Where Onya acts as Data Controller, processing is carried out on one or more of the following legal bases:


  • Performance of a contract;
  • Legitimate interests (including service improvement and security);
  • Compliance with legal obligations;
  • Consent (where required).


Where your gym acts as Data Controller, it determines the applicable legal basis.




6. Disclosure of Personal Data


We may share personal data with:


  • The relevant gym (as Data Controller);
  • Stripe (payment processing provider);
  • Cloud infrastructure providers;
  • Analytics and diagnostics providers;
  • Email and notification service providers;
  • Merchandise fulfilment partners;
  • Professional advisers (where required by law).


We ensure that all third-party processors are subject to appropriate contractual and security obligations.




7. International Data Transfers


Personal data may be processed outside the United Kingdom or European Economic Area.


Where such transfers occur, we ensure appropriate safeguards are in place, including:


  • UK International Data Transfer Agreements;
  • Standard Contractual Clauses approved by the European Commission;
  • Other lawful transfer mechanisms recognised under applicable law.




8. Data Retention


We retain personal data:


  • For the duration of your active account;
  • As instructed by your gym (where it is Data Controller);
  • As necessary to comply with legal, tax and accounting obligations.


Upon account deletion:


  • Personal data will be deleted or anonymised within 30 days, unless retention is legally required.
  • Financial transaction records may be retained in accordance with accounting and regulatory requirements.




9. Your Rights


Under applicable data protection laws, you have the right to:


  • Request access to your personal data;
  • Request rectification of inaccurate data;
  • Request erasure (“right to be forgotten”);
  • Restrict processing;
  • Object to processing;
  • Request data portability;
  • Withdraw consent where processing is based on consent.


If your gym controls your data, you may need to direct your request to the gym.


Requests may be submitted to: support@onyaapp.io


You also have the right to lodge a complaint with a supervisory authority.

In the United Kingdom, this is the Information Commissioner’s Office (ICO).




10. Account Deletion


In compliance with Apple App Store requirements, users may delete their account directly within the App by navigating to:


Settings → Account → Delete Account


Deletion requests are processed within 30 days.


Certain data may be retained where required by law or for legitimate regulatory purposes.




11. Security Measures


We implement appropriate technical and organisational security measures, including:


  • Encryption in transit;
  • Secure hosting environments;
  • Role-based access controls;
  • System monitoring and logging.


While we take reasonable steps to protect personal data, no system can guarantee absolute security.




12. Children


The Services are not directed to children under the age of 13.


We do not knowingly collect personal data from children without appropriate consent. If such data is identified, it will be deleted promptly.




13. Changes to This Privacy Policy


We reserve the right to update this Privacy Policy at any time.


Updated versions will be published on our website and, where appropriate, notified within the App.