Privacy Policy
How We Handle Your Data
This Privacy Policy explains how Iron Pass VIP collects, uses, stores, shares, and protects personal information when you use Iron Pass VIP, our websites, app, digital passes, QR check-ins, partner gym tools, owner console, promotions, and support services.
1. Who This Policy Applies To
This Policy applies to members, prospective members, partner gyms and venues, venue owners and staff, website visitors, people who contact support, and anyone else who interacts with our platform.
Iron Pass VIP is an Australian business with registered office at Sheraton Hotel, 27 Little Collins St, Melbourne, VIC, Australia 3000. We operate the Iron Pass VIP platform globally.
2. Personal Information We Collect
Depending on how you use the platform, we may collect:
- Account details, including name, email address, login details, verification status, profile photo, language preference, and account role.
- Membership and payment records, including selected plan, purchase date, expiry date, billing status, refunds, discounts, rewards, and transaction references.
- Check-in and visit data, including selected gym, QR scan time, visit history, scan status, duplicate scan alerts, waiver status, and gym payout allocation data.
- Profile and safety details you choose or are required to provide, including information needed for venue access, waivers, support, or safety checks.
- Reviews and user content, including ratings, written reviews, feedback, messages, photos, and promotional participation.
- Partner venue details, including gym name, owner or staff contact details, location, opening hours, photos, waiver text, business status, payout setup, bank account details, and tax identifiers such as NPWP where relevant.
- Technical data, including device type, browser, IP address, approximate location from network data, app version, error logs, security logs, cookies, local storage, and analytics or performance data.
- Support and communications, including emails, forms, requests, complaints, and records of how we respond.
3. Sensitive Information
We do not want you to provide sensitive information unless it is necessary for a venue waiver, safety incident, support request, legal requirement, or feature you choose to use. Sensitive information may include health information, injury details, disability information, emergency context, signatures, or identity information.
Where we collect sensitive information, we do so with your consent, because you provided it, because it is required for a venue waiver or safety process, or where otherwise permitted by law.
4. How We Collect Information
We collect personal information when you:
- visit our websites or open the app;
- create, update, or verify an account;
- buy, renew, cancel, or request a refund for a pass;
- scan into a partner gym or use a reward;
- complete a gym waiver or provide a signature;
- submit a review, promotion entry, partner gym application, or payout details;
- contact us for support; or
- interact with our technology providers, payment processors, cloud services, and security systems.
We may also receive information from partner gyms, payment processors such as Stripe, Firebase or other cloud providers, fraud prevention tools, support providers, and public or business records where needed to verify a venue or protect the platform.
5. Why We Use Personal Information
We use personal information to:
- operate the platform, app, websites, QR check-ins, passes, rewards, owner console, and admin tools;
- create and manage member and partner venue accounts;
- process payments, renewals, refunds, failed payments, chargebacks, and receipts;
- verify active access and allow partner gyms to confirm check-ins;
- record waivers, visit history, reviews, rewards, and support requests;
- calculate partner venue payout estimates, final payout allocations, and platform fees;
- detect and prevent fraud, duplicate scans, account sharing, payment misuse, unsafe conduct, and security incidents;
- send service messages, verification emails, support responses, operational updates, and important legal notices;
- improve the platform, fix bugs, test features, and understand performance;
- comply with laws, tax, accounting, payment, safety, dispute, and regulatory obligations; and
- market Iron Pass VIP, where permitted by law and your communication preferences.
6. Sharing With Partner Gyms and Venues
When you interact with a partner venue, we may share relevant information with that venue so it can verify access, provide services, manage reception, keep attendance and waiver records, respond to incidents, and comply with its own legal and safety obligations.
This may include your name, profile photo, account status, plan/access status, check-in time, waiver completion, review information, and other details needed for venue operations. Partner venues are independent businesses and may have their own privacy practices.
7. Sharing With Service Providers
We may share personal information with trusted providers who help us operate the platform, including:
- payment processors, including Stripe;
- cloud hosting, database, authentication, storage, and security providers, including Firebase and Google Cloud services;
- email, support, logging, analytics, monitoring, and error-reporting providers;
- professional advisers, accountants, lawyers, insurers, tax advisers, and auditors;
- banks, payout providers, and financial institutions involved in partner venue payouts;
- government, law enforcement, courts, regulators, or tax authorities where required or permitted by law; and
- buyers, investors, or advisers involved in a merger, financing, restructure, sale, or transfer of our business.
We do not sell personal information in the ordinary sense. We may use aggregated or de-identified information for reporting, analytics, partner summaries, and business planning.
8. Payments
Payments are processed by Stripe or another payment provider shown at checkout. We do not need to store your full card number in our own database. Payment providers may collect and process payment details, billing information, card metadata, fraud signals, and transaction records under their own terms and privacy policies.
9. Cookies, Local Storage, and Similar Technology
We use cookies, local storage, device storage, and similar technologies to keep you signed in, remember preferences, support saved-app behaviour, secure the platform, diagnose problems, and improve performance. You can control some of these technologies through your browser settings, but blocking them may stop parts of the platform from working properly.
10. Overseas Disclosure
We operate from Australia and provide services in international destinations. Your personal information may be stored, processed, or accessed in Australia, Indonesia, the United States, and other countries where our users, partner venues, support providers, payment providers, cloud providers, or business operations are located.
Where reasonable, we take steps to ensure overseas recipients handle personal information consistently with this Policy and applicable privacy laws.
11. Security
We use administrative, technical, and organisational measures designed to protect personal information, including access controls, authentication, cloud security tools, data minimisation, and monitoring for misuse. No online service can be guaranteed completely secure, so you should keep your login details confidential and tell us promptly if you suspect unauthorised access.
12. Retention
We keep personal information for as long as reasonably needed for the purposes described in this Policy, including to operate accounts, provide access, maintain visit and waiver records, handle disputes, calculate payouts, comply with tax and accounting obligations, detect fraud, enforce our terms, and meet legal requirements.
When information is no longer needed, we will take reasonable steps to delete, de-identify, or archive it, subject to technical, legal, backup, and business requirements.
13. Access, Correction, and Deletion Requests
You may request access to personal information we hold about you, ask us to correct inaccurate information, or ask us to delete information where deletion is legally and technically available. We may need to verify your identity before responding.
Some information cannot be deleted immediately, including records we need for tax, accounting, fraud prevention, safety, venue waiver, dispute, chargeback, or legal reasons.
14. Marketing Communications
We may send you service messages and important account notices. Where permitted, we may also send marketing about passes, locations, partner gyms, rewards, or promotions. You can unsubscribe from marketing messages where an unsubscribe option is provided, but we may still send important service, legal, security, billing, or account messages.
15. Children
The platform is intended for users aged 18 and over unless we expressly allow otherwise. We do not knowingly collect personal information from children without appropriate consent or legal basis. If you believe a child has provided personal information without permission, contact us.
16. Complaints
If you have a privacy question or complaint, contact us first at support@ironpass.vip. Please include enough detail for us to understand and respond to your concern.
We will aim to respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.
17. Changes to This Policy
We may update this Policy as the platform, destinations, laws, or business structure change. The latest version will be posted on this page. If changes are material, we may take additional steps to notify you.
18. Contact
Privacy contact: support@ironpass.vip
Iron Pass VIP, ABN to be inserted once issued, registered office Sheraton Hotel, 27 Little Collins St, Melbourne, VIC, Australia 3000.