The Basin Gym (ABN 52 331 467 600) – "Basin", "we", "our", "us" – is committed to protecting the personal information of every member, trial guest and prospect we deal with. This policy explains what information we collect, why we collect it, how we keep it secure, and what your rights are under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
What we collect
We collect only the information we need to deliver our services safely and to operate the gym.
- Account information: name, email, mobile phone number, password (hashed – we never store the plain text), date of birth, emergency contact name and phone, and your assigned member number.
- Health screening (PAR-Q): answers to the Pre-Activity Readiness Questionnaire that you complete before training. This is sensitive health information and is only ever read by Nick Poole (Head Coach) or another qualified Basin coach assigned to your programme.
- Training data: session logs, exercise history, weights, reps and any metrics you choose to record in the members portal.
- Feedback and check-ins: answers you submit to the 6-week check-in form, the "ask a question" thread, and any anonymous feedback you choose to send.
- Payment context: we do not store credit card numbers ourselves. Direct debits are processed via Easy Debit; one-off payments via Stripe. We hold the customer reference and transaction history only.
- Site analytics: standard server logs (IP address, browser, page accessed, timestamp). We do not use third-party tracking pixels.
Why we collect it
- To deliver coaching, programming and recovery services safely.
- To meet our duty-of-care obligations under the PAR-Q screening process.
- To send you reminders, programme updates and occasional gym communications.
- To analyse 6-week check-in trends across the membership (in aggregate) and identify any individual member who may benefit from a one-on-one chat with Nick. This analysis is performed by an automated AI service (Anthropic – see "Service providers" below) and the resulting report is read only by Nick.
- To improve our programmes and the member experience.
Anonymous feedback
The standalone "Submit Anonymous Feedback" form on the members portal is genuinely anonymous. We do not store your member ID, IP address or any other identifier alongside the feedback. Once submitted, there is no technical way for us to know who left it. Use it freely.
The 6-week check-in form is not anonymous – this is intentional, so Nick can follow up with you directly if you flag a concern.
Service providers
We use the following providers to operate the gym and the members portal. Each is bound by their own privacy and security obligations:
- Supabase – hosts our member database and document storage in the AWS Sydney region (ap-southeast-2). All data stays in Australia.
- Vercel – hosts this website. Standard server logs only.
- GoHighLevel – handles SMS and email reminders. Stores name, email, phone and engagement tags.
- Anthropic (Claude) – analyses 6-week check-in submissions in batch to produce a summary report for Nick. Submissions are sent with first names only; full names, emails and contact details are stripped before analysis. Anthropic does not retain or train on this data per their commercial terms.
- Stripe and Easy Debit – payment processing. We never see your full card details.
How we keep it secure
- Passwords are hashed using industry-standard bcrypt – we never store or transmit the plain text.
- Member portal traffic is encrypted in transit (TLS 1.3).
- Member documents (membership agreements, signed waivers, PAR-Q forms) are gated behind your account login and served via short-lived signed URLs that expire within 60 seconds.
- Database row-level security ensures each member can only access their own records, even if there is a bug in the application code.
- Any access to member data by Nick or another coach is logged for audit purposes.
Your rights
Under the Australian Privacy Act, you have the right to:
- Request a copy of the personal information we hold about you.
- Ask us to correct any information that is inaccurate, incomplete or out of date.
- Ask us to delete your account and personal information, subject to any legal record-keeping obligations (e.g. signed waivers we are required to retain).
- Withdraw consent for marketing communications at any time.
- Make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are not satisfied with our handling of your information.
Contact us
For any privacy question, correction request, or to exercise any of the rights above, contact Nick Poole directly:
- Email: thebasingym@gmail.com
- Phone: 0421 233 061
- In person: Portside Crescent, Maryville NSW 2293
Looking for the full Member Privacy Policy document? Once you sign in to the members portal, the signed PDF is available alongside your other documents.