Purpose of this assessment
This Data Protection Impact Assessment (DPIA) summarises the risks associated with personal-data processing inside the GymAxis AI platform. It is published as a transparency artefact for prospects, customers, and the ICO if requested.
1. Description of processing
What: the GymAxis AI multi-tenant SaaS platform delivers gym CRM, member management, class booking, marketing campaigns, and operational record-keeping.
Why: to enable fitness operators to run their business — sell memberships, schedule classes, manage staff, market to leads, and track equipment compliance.
How: data is collected via web/mobile UI, public APIs, and CSV import. It is stored in MongoDB Atlas, processed by FastAPI services hosted in the EU, and accessed by authenticated operators of the relevant tenant.
2. Necessity & proportionality
Processing is justified under Art. 6(1)(b) (contract performance — gym member services) for transactional data, and Art. 6(1)(a) (consent) for any marketing communication. Special-category data is not processed by default.
3. Identified risks & mitigations
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Cross-tenant data leakage | Low | High | Every query gated on organization_id; automated tests cover tenancy boundaries. |
| Operator account compromise (phishing / credential stuffing) | Medium | High | Strong password policy, optional MFA, brute-force lockout, JWT revocation, 12h refresh. |
| Sub-processor breach (Stripe, Resend, etc.) | Low | Medium | All sub-processors are SOC 2 / ISO 27001 certified; UK IDTA in place for US transfers. |
| Insider threat (GymAxis staff) | Very low | High | Least-privilege IAM, tamper-evident audit log, mandatory annual training. |
| Data-subject rights non-compliance (delayed export / erasure) | Low | Medium | Self-serve GDPR endpoints for both operators and members; SLA < 30 days. |
| Loss of availability (outage) | Low | Medium | External uptime monitoring of /api/health/deep; daily backups with documented restore. |
| Long-term data retention beyond purpose | Medium | Low | Configurable per-org retention policy; automatic anonymisation of deleted member records. |
| AI feature data leakage to third-party LLMs | Low | Medium | PII redaction before LLM calls; opt-in per feature; zero-retention agreements with model providers. |
4. Outstanding actions
Open items at next review
- Independent penetration test of the platform.
- Establish an external uptime alerting policy with on-call rota.
- Schedule the first annual sub-processor risk review.
5. Approval
Reviewed by the GymAxis AI Data Protection Officer. Customers and prospects may request the full internal DPIA package by emailing dpo@gymaxisai.com.