Privacy Policy Thank you for using our Tezfit Client App ("App"), FitnessBlitzApp, or any other app developed under the Tezfit ecosystem (collectively referred to as "Apps"), provided by iSME ("we", "our", or "us"). iSME provides the technical infrastructure of the Tezfit ecosystem and processes personal data solely on behalf of Corporate Clients who control and manage their own customer relationships. This Privacy Policy explains how personal data may be collected, stored, used, and protected when interacting with the Tezfit ecosystem, including our Apps and the broader software automation services we provide. 1. Who Are Our Users? Our Tezfit ecosystem serves two distinct types of users: Private Individuals: Members or customers (e.g., gym-goers, shoppers) who interact directly with our Apps. These individuals are clients of our Corporate Clients, not of iSME. Corporate Clients: Businesses (e.g., fitness studios, retail outlets) that use our Tezfit ecosystem to automate and manage their operations. Corporate Clients do not use the Apps directly; instead, they leverage our backend systems to integrate with their own services. 2. Information Collected Through the Apps While our Apps are operated by iSME, personal data entered through the Apps belongs to and is controlled by the respective Corporate Client (e.g., a fitness club). Private Individuals may provide certain information when registering or interacting with a Corporate Client through the Apps. This information includes: Name and surname Phone number Locker room preference (e.g., male or female) The Apps are not designed to collect device identifiers, precise location data, or background usage information, except where such information may be technically necessary for essential app functionality such as authentication, security, or system integrity. iSME does not access or use this data for any purpose other than maintaining app functionality and security. This information is stored on infrastructure operated by iSME solely for the purpose of providing software services to Corporate Clients. iSME does not use this data for its own marketing, analytics, or independent business purposes. 3. Health-Related Data Our Apps may be used by Corporate Clients such as fitness clubs to manage memberships and access to fitness facilities. * The Apps do not collect, store, or process health or medical data about users. In particular, the Apps do not collect or analyze: * heart rate * body measurements or weight * medical conditions or medical records * workout statistics or activity tracking data * biometric or physiological measurements However, because the Apps may be used by fitness facilities, certain basic account and membership information related to a user may be stored in the system by the respective Corporate Client. This may include: * name and contact information * membership status * purchase or subscription history related to access to services This information is used solely for operational purposes, such as managing memberships, granting access to services provided by the Corporate Client, and maintaining customer records. iSME does not use this information for health analysis, health profiling, advertising, or independent analytics and processes such data solely as a technical service provider on behalf of Corporate Clients. 4. Our Role in Data Processing As providers of the Tezfit ecosystem: iSME acts solely as a data processor on behalf of Corporate Clients. Corporate Clients remain the data controllers responsible for determining the purposes and means of processing personal data of their customers. We enable Corporate Clients to manage their operations (e.g., memberships, bookings) through our backend systems. Private Individuals interact exclusively with our Apps, which act as a gateway to services provided by Corporate Clients. All personal data entered through the Apps is transmitted to and stored for the benefit of the respective Corporate Client, while iSME provides the technical infrastructure supporting these data flows. 5. Security Measures As a provider of technical infrastructure and a data processor on behalf of Corporate Clients, iSME implements the following security measures: Our infrastructure adheres to strict security protocols including encrypted data transmission, secure server infrastructure, and access control mechanisms. We conduct regular audits to ensure the integrity and confidentiality of our systems. As iSME stores data on behalf of Corporate Clients, access to personal data is restricted and protected through authentication mechanisms and role-based access controls. 6. Data Retention Personal data entered through the Apps is stored on servers operated by iSME on behalf of Corporate Clients. Data is retained for as long as the Corporate Client maintains an active service agreement with iSME or until the Corporate Client deletes the data from the system. Corporate Clients are responsible for determining the retention period of their customers' data in accordance with applicable laws and their internal policies. If a Corporate Client terminates its service agreement with iSME, the associated data may be deleted from our systems within a reasonable technical period, typically within 30–90 days after service termination, unless otherwise required by law. 7. Data Deletion Private Individuals who wish to delete their personal data should contact the Corporate Client (e.g., the fitness club) with whom they registered. Corporate Clients have administrative control over the customer data stored in the system and can modify or delete it at any time. Upon request from a Corporate Client, iSME will facilitate the deletion of the relevant data from our infrastructure within a reasonable technical timeframe. If a user no longer wishes to use the App, uninstalling the App does not automatically delete the user’s account data, as the data is managed by the respective Corporate Client. 8. Information Sharing and Disclosure Personal data entered through the Apps is associated with the respective Corporate Client (e.g., the fitness club) with whom the Private Individual interacts. iSME does not sell, rent, or share personal data with third parties for advertising or marketing purposes. Access to personal data is limited to: The respective Corporate Client, which manages its own customer relationships. Authorized personnel of iSME, solely for the purpose of maintaining and supporting the technical operation of the Tezfit ecosystem. iSME does not disclose personal data to unrelated third parties except: when required by applicable law or legal process; when necessary to protect the security and integrity of our systems. Any use of personal data by Corporate Clients is governed by their own privacy policies and internal procedures. 9. Changes to This Policy We may update this Privacy Policy periodically. If changes affect how information is handled within the Tezfit ecosystem, we will notify Corporate Clients via: Email (for Corporate Clients). App notifications or website updates for Private Individuals. 10. Contact Us For questions about our services or data handling practices: Corporate Clients: admin@tezportal.kz Private Individuals: Please contact your respective Corporate Client directly, as they manage their own customer relationships.