Last Updated: June 19, 2026
This Privacy Policy (“Policy”) describes how Dayat Enterprises, Inc., doing business as ManageMemberships (“ManageMemberships,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with our membership management software platform and related services (collectively, the “Services”). The Services are designed for gyms, martial arts schools, fitness facilities, clubs, and other membership-based organizations throughout the United States.
By accessing or using our Services, including our website at https://www.managememberships.com, mobile applications, and related platforms, you (“you” or “User”) acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your personal information as described herein.
If you do not agree with the terms of this Policy, please do not access or use our Services. For questions or concerns, contact us at privacy@dayat.net.
Governing Law. This Policy is governed by and construed in accordance with the laws of the State of Indiana, without regard to its conflict of law principles. Our principal place of business is located at PO Box 14684, Evansville, Indiana 47714.
National Operations. While governed by Indiana law, this Policy applies to our operations throughout the United States and addresses compliance obligations under applicable federal and state privacy laws, including but not limited to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”), and similar comprehensive state privacy laws.
Business Model. ManageMemberships provides a software-as-a-service (SaaS) membership management platform to facility operators (“Account Owners”). In most instances, ManageMemberships acts as a service provider or processor on behalf of Account Owners who determine the purposes and means of processing personal information of their members and customers (“End Users”). This Policy describes our own data practices; Account Owners are responsible for their own privacy notices and practices with respect to End Users.
Types of Users. This Policy applies to:
Personal Information. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal Information includes but is not limited to the categories listed in Article 3 below.
Sensitive Personal Information. “Sensitive Personal Information” means Personal Information that reveals: (a) social security number, driver’s license number, state identification card number, or passport number; (b) account log-in credentials, financial account numbers, debit or credit card numbers in combination with required security or access codes; (c) precise geolocation data; (d) racial or ethnic origin, religious beliefs, or union membership; (e) contents of mail, email, or text messages where we are not the intended recipient; (f) genetic data; (g) biometric information processed for the purpose of uniquely identifying an individual; or (h) personal information collected and analyzed concerning an individual’s health, sex life, or sexual orientation.
Services. “Services” means the ManageMemberships membership management platform, including:
Processing. “Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, restriction, erasure, or destruction.
Third Party. “Third Party” means a person or entity other than ManageMemberships, an Account Owner, or an End User.
We collect the following categories of Personal Information depending on how you interact with our Services:
We collect Personal Information that you voluntarily provide when you:
We automatically collect certain information when you access or use our Services, including:
We may receive Personal Information from:
We process Personal Information for the following business and commercial purposes:
Service Delivery and Account Management:
Communications:
Business Operations and Analytics:
Security, Fraud Prevention, and Legal Compliance:
Integration and Third-Party Services:
We process Personal Information based on one or more of the following legal grounds:
We collect and process precise geolocation data only when you have granted location permissions through your mobile device settings. Location data is used to:
Automated Decision-Making. We may use automated systems to analyze usage patterns, detect fraudulent transactions, or personalize your experience. You have the right to request human review of automated decisions that produce legal or similarly significant effects.
We share Personal Information with third-party vendors, service providers, contractors, and agents who perform services on our behalf and are contractually obligated to protect your information. These third parties include:
Sharing with Account Owners. When you interact with the Services as an End User of an Account Owner (such as a gym member), we share your Personal Information with that Account Owner to enable them to manage their membership operations. This may include your contact information, membership status, booking history, attendance records, payment history, waiver execution status, and usage patterns.
Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, Personal Information may be transferred to the successor entity or acquiring party. We will provide notice before your Personal Information becomes subject to a different privacy policy.
We may disclose Personal Information if required to do so by law or in response to valid requests by public authorities, including to:
With Your Consent or at Your Direction. We may share Personal Information for any other purpose disclosed to you and with your consent, or at your direction, such as when you choose to link third-party services to your account.
Restrictions on Location Data Sharing. Your precise GPS location data is stored securely on AWS servers in the United States and is never sold or shared with third parties for marketing purposes. Location data may be shared with service providers only for the purposes of providing the gym management Services described in this Policy.
Restrictions on Integration Data Transfers. Data transfers to Account Owner-enabled integrations occur only while an integration remains active. Account Owners can disable integrations at any time through their Portal Settings, which immediately ceases ongoing data transmission to that provider.
Use of Cookies. We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information when you interact with our Services. These technologies help us:
Types of Cookies. We may use the following categories of cookies:
Managing Cookies. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Please note that disabling cookies may limit certain features and functionality of our Services.
Do-Not-Track Signals. Some web browsers and mobile operating systems include a Do-Not-Track (“DNT”) feature or setting. We do not currently respond to DNT browser signals or similar mechanisms.
Mobile Advertising Identifiers. Our mobile applications may collect Advertising Identifiers (IDFA for iOS devices and AdID for Android devices) for analytics and advertising purposes. You can limit ad tracking or reset your advertising identifier through your device settings:
General Retention Period. We retain Personal Information for as long as necessary to fulfill the purposes outlined in this Policy, comply with our legal obligations, resolve disputes, enforce our agreements, and meet business requirements.
Standard Retention Periods. Unless otherwise specified in this Article or required by applicable law, we retain Personal Information according to the following schedule:
Extended Retention for Legal Compliance. We may retain Personal Information beyond the standard retention periods when:
Storage Location and Infrastructure. Personal Information is stored on secure servers operated by Amazon Web Services (AWS) located in the United States. We do not transfer Personal Information outside the United States.
Deletion and Anonymization. At the end of the applicable retention period, we securely delete or anonymize Personal Information in accordance with industry best practices. Anonymized data that can no longer reasonably identify an individual may be retained indefinitely for analytical and research purposes.
Account Owner Responsibilities. Account Owners who use our Services to manage their membership operations are responsible for establishing their own data retention policies with respect to End User information. Account Owners may export data from the platform and must manage deletion requests from their End Users in accordance with their own privacy obligations.
Security Measures. We implement appropriate technical and organizational security measures designed to protect Personal Information from unauthorized access, alteration, disclosure, or destruction. These measures include:
Payment Data Security. Payment card information is processed and stored exclusively by our PCI DSS-compliant payment processors, including Stripe. We do not directly collect, store, or process full credit card numbers or security codes on our own servers. Payment processors are responsible for maintaining compliance with Payment Card Industry Data Security Standards.
Location Data Security. Precise GPS location data collected through mobile applications is encrypted in transit and stored securely on AWS infrastructure in the United States. Access is restricted to authorized personnel only.
Employee Training. Personnel with access to Personal Information receive training on data protection principles, security best practices, and their obligations under this Policy and applicable law.
Limitations. Despite our security measures, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot guarantee absolute security of Personal Information. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
Security Breach Notification. In the event of a data breach that compromises the security, confidentiality, or integrity of your Personal Information, we will notify affected individuals and, where applicable, Account Owners and regulatory authorities in accordance with applicable state and federal data breach notification laws.
Right to Access. You have the right to confirm whether we are processing your Personal Information and to request access to the specific pieces and categories of Personal Information we have collected about you.
Right to Correction. You have the right to request correction of inaccurate Personal Information we maintain about you. You may update certain account information directly through your user profile or by contacting us.
Right to Deletion. You have the right to request deletion of Personal Information we have collected from you, subject to certain exceptions. We may retain Personal Information when necessary to:
Right to Data Portability. You have the right to request a copy of the Personal Information you provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity.
Right to Opt Out of Sale or Sharing. We do not sell Personal Information for monetary consideration. If we engage in data sharing that constitutes “selling” or “sharing” under applicable state privacy laws, you have the right to opt out of such sharing.
Right to Opt Out of Targeted Advertising. If we use Personal Information for targeted advertising purposes, you have the right to opt out of such processing. You may exercise this right through your account settings or by contacting us.
Right to Limit Use of Sensitive Personal Information. Where we process Sensitive Personal Information beyond what is necessary to provide the Services, you have the right to limit such use. Currently, we process Sensitive Personal Information only to the extent necessary to deliver the Services.
Location Services Control. You may disable location tracking at any time through your mobile device settings. You can also request deletion of your stored location data by contacting us at privacy@dayat.net. Disabling location services may limit certain app features, including check-in functionality.
Communications Preferences. You have the right to opt out of marketing communications at any time by:
Opting out does not affect transactional or service-related communications necessary to provide the Services.
Right to Non-Discrimination. You have the right to exercise the privacy rights described in this Article without suffering discrimination, including denial of services, different pricing or service levels, or suggestion that you will receive different pricing or service levels for exercising your rights.
Authorized Agent. You may designate an authorized agent to submit requests on your behalf. We may require verification that the agent is authorized to act on your behalf, including a written and signed permission document or a valid power of attorney.
Verification of Requests. To protect your privacy and security, we verify your identity before fulfilling access, deletion, or portability requests. Verification requirements may include:
Response Timeframes. We respond to verified requests within forty-five (45) days of receipt. If we require additional time, we will notify you of the extension and the reason for it. Extensions will not exceed an additional forty-five (45) days.
Appeal Rights. If we decline to take action regarding your request, we will notify you within the response timeframe and explain the reasons for our decision. Certain state laws provide you with the right to appeal our decision. Information regarding appeal procedures will be provided with any denial.
California Residents. If you are a California resident, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA/CPRA):
Virginia Residents. If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA) to access, correct, delete, and obtain a copy of your Personal Information, and to opt out of targeted advertising, sale of Personal Information, and profiling in furtherance of decisions that produce legal or similarly significant effects.
Colorado Residents. If you are a Colorado resident, you have rights under the Colorado Privacy Act (CPA) to access, correct, delete, and obtain a copy of your Personal Information, and to opt out of targeted advertising, sale of Personal Information, and profiling.
Connecticut Residents. If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act (CTDPA) to confirm whether we process your Personal Information, access your Personal Information, correct inaccuracies, delete your Personal Information, obtain a copy in a portable format, and opt out of targeted advertising, sale of Personal Information, and profiling.
Utah Residents. If you are a Utah resident, you have rights under the Utah Consumer Privacy Act (UCPA) to access, delete, and obtain a copy of your Personal Information, and to opt out of targeted advertising and sale of Personal Information.
Other State Residents. Residents of Delaware, Florida, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, and Texas may have rights under applicable state privacy laws. Contact us at privacy@dayat.net to learn more about your rights and how to exercise them.
Age Restriction. Our Services are not directed to children under eighteen (18) years of age, and we do not knowingly collect Personal Information directly from children under eighteen (18), except as permitted when Account Owners enroll minors with appropriate parental or guardian consent as described below. By using the Services, you represent that you are at least eighteen (18) years old.
Parental Consent for Minors. Account Owners may enroll minors under eighteen (18) in membership programs, classes, or activities. In such cases, the Account Owner is responsible for obtaining all necessary parental or guardian consents and providing any required notices under the Children’s Online Privacy Protection Act (COPPA) and applicable state laws.
Discovery of Children’s Information. If we learn that we have collected Personal Information from a child under eighteen (18) without verification of parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under eighteen (18), please contact us immediately at privacy@dayat.net.
Third-Party Websites. Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by ManageMemberships. We are not responsible for the privacy practices or content of third-party sites. This Policy does not apply to information collected by third parties.
Third-Party Integrations. Account Owners may enable integrations with third-party platforms such as Zapier, Google Sheets, Trello, or other automation services. When an Account Owner activates an integration, Personal Information may be transmitted to the third-party provider to perform the requested functionality. Each third-party integration is governed by that provider’s own privacy policy and terms of service.
Payment Processors. Payment processing services, including Stripe, are governed by their own privacy policies. We encourage you to review Stripe’s privacy policy at https://stripe.com/privacy.
Door Access Providers. If an Account Owner utilizes optional door access integrations, your facility entry data may be shared with the third-party access control system provider. Such providers operate under their own privacy policies.
Your Responsibility. We encourage you to review the privacy policies of any third-party services before providing Personal Information or enabling integrations. We are not responsible for the data practices of third parties.
Effective Date and Last Update. This Policy is effective as of the date stated at the top of this document and was last updated on the date indicated.
Right to Modify. We reserve the right to update, modify, or replace this Policy at any time to reflect changes in our Services, business practices, legal requirements, or for other operational, legal, or regulatory reasons.
Notice of Material Changes. When we make material changes to this Policy, we will:
Effective Date of Changes. Updated versions of this Policy will indicate an updated “Last Updated” date. The revised Policy will become effective on the date specified in the notice or, if no date is specified, upon posting to our website.
Continued Use Constitutes Acceptance. Your continued access to or use of the Services after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree to the updated Policy, you must discontinue use of the Services.
Material Changes Requiring Consent. For certain material changes that expand our rights to process Sensitive Personal Information or materially diminish your privacy rights, we may seek your affirmative consent before the changes take effect.
Archival Versions. We maintain archival versions of prior privacy policies. To request a copy of a previous version, contact us at privacy@dayat.net.
If you have questions, comments, or concerns about this Policy or our privacy practices, you may contact us at:
Dayat Enterprises, Inc. d/b/a ManageMemberships
Attn: Privacy Officer
PO Box 14684
Evansville, Indiana 47714
United States
Email: privacy@dayat.net
To exercise your privacy rights described in Articles 9 and 10 of this Policy, you may:
When submitting a privacy rights request, please provide:
If you use an authorized agent to submit a request on your behalf, we may require:
Response Time and Process. We will acknowledge receipt of your request and respond within forty-five (45) days. If we require additional time, we will inform you of the reason and extension period, which will not exceed an additional forty-five (45) days. We will deliver our response by mail or electronically, at your option.
No Fee for Requests. We do not charge a fee to process or respond to your verifiable privacy rights request unless it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will notify you of the fee and the reasons for it before completing your request.
Appeal Process. If we deny your request in whole or in part, we will provide you with an explanation of our decision. Certain state laws provide you with the right to appeal our decision. If you wish to appeal, contact us at privacy@dayat.net with “Privacy Rights Appeal” in the subject line and include:
We will respond to appeals within the timeframe required by applicable law, typically forty-five (45) days.
Commitment to Accessibility. We are committed to ensuring that this Policy is accessible to individuals with disabilities.
Alternative Formats. If you would like to receive this Policy in an alternative format (such as audio, large print, or other accessible format), please contact us at privacy@dayat.net or the mailing address listed in Article 14, Section I.
Accessibility Assistance. If you experience difficulty accessing or understanding any portion of this Policy due to a disability, we will work with you to provide the information in a format that is accessible to you.
Entire Agreement. This Policy, together with our Terms of Service and any other agreements governing your use of the Services, constitutes the entire agreement between you and ManageMemberships regarding the privacy and security of your Personal Information.
Severability. If any provision of this Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions will remain in full force and effect. The invalid, illegal, or unenforceable provision will be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the parties’ original intent.
Waiver. Our failure to enforce any right or provision of this Policy will not constitute a waiver of that right or provision unless acknowledged and agreed to by us in writing. No waiver of any provision of this Policy will be deemed a further or continuing waiver of such provision or any other provision.
Survival. The provisions of this Policy that by their nature should survive termination of your account or discontinuation of the Services will survive, including but not limited to provisions regarding data retention, security obligations, limitation of liability, indemnification, and dispute resolution.
Interpretation. The headings and captions used in this Policy are for convenience only and will not affect the interpretation of this Policy. Unless the context requires otherwise, words in the singular include the plural and vice versa.
Language. This Policy is drafted in English. In the event of any conflict between an English version and a translation, the English version will prevail to the extent permitted by applicable law.
Assignment. You may not assign or transfer your rights or obligations under this Policy without our prior written consent. We may assign or transfer our rights and obligations under this Policy without restriction, including in connection with a merger, acquisition, reorganization, or sale of assets.
Force Majeure. We will not be liable for any failure or delay in performing our obligations under this Policy due to circumstances beyond our reasonable control, including acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, network infrastructure failures, strikes, or shortages of transportation, facilities, fuel, energy, labor, or materials.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Policy, you must not access or use the Services.