Privacy Policy

Effective date: September 14, 2025
Company: innov8 MMA Ltd (“INNOV8 MMA”, “we”, “us”, “our”)
Registered address: 169 Soi Sukhumvit 93, Bang Chak, Phra Kanong, Bangkok, Thailand
Privacy contact: team@innov8mma.com

This Privacy Policy describes how INNOV8 MMA collects, uses, discloses, and protects personal information when you visit our facilities, use our websites, interact with our mobile/online services, purchase memberships or products, or communicate with us (together, the “Services”). We also describe our relationships with our key vendors: PushPress (member app/booking/payments) and Intellisite (our CRM and marketing automation platform).

By using the Services, you agree to this Policy and any other referenced documents.

1) Who we are & roles under privacy law

• Controller: INNOV8 MMA is the controller of your personal information.

• Processors:

  • PushPress, Inc. provides our member portal and mobile app for account management, check‑ins, reservations, waitlists, digital documents/waivers, and certain communications. PushPress also facilitates payments through Stripe. PushPress acts as our service provider/processor for these activities; you also interact with PushPress directly when using its app/portal, which is governed by PushPress’ own terms and privacy policy. PushPress+1

  • Intellisite is our CRM and marketing automation platform. It acts as our service provider/processor to store contact records, manage bookings communications, and deliver email/SMS/voice notifications we send on our behalf.

2) Information we collect

We collect the following categories of data, depending on how you interact with us:

A. Identity & contact — name, email, phone, address, date of birth, emergency contact, account identifiers (e.g., PushPress username). (Provided by you or updated in the PushPress Member App.) PushPress Help Center

B. Membership & transaction — plan type, check‑ins/attendance, class bookings/waitlists, invoices, payment history, and card‑on‑file status (processed via Stripe through PushPress). PushPress Help Center+1

C. Health & safety — pre‑exercise readiness information (e.g., PAR‑Q), injury notes you disclose to us, incident reports, and consent/waiver records.

D. Communications — emails/SMS/push messages, help requests, call notes; if we enable call recording or AI voice assistance, we will provide notice and obtain consent where required.

E. Device, usage & location — IP address, device identifiers, app events; PushPress may collect location data for its app/portal features and to prevent abuse, as described in its privacy policy. PushPress

F. Visual media & facility systems — CCTV footage (premises safety), event photography/video (see Media Consent).

G. Web & cookie data — website analytics, advertising pixels, cookie preferences (see Cookie Notice, §10).

Sources. We collect information (i) directly from you; (ii) automatically via our sites/apps; (iii) from service providers (e.g., PushPress, Intellisite, payment processors); and (iv) from publicly available sources or competition/event organizers you authorize.

3) Why we use your information (purposes & legal bases)

We process personal information for:

1. Providing the Services: registrations, reservations, check‑ins, class management, coaching, competitions, customer support. (Legal bases: contract; legitimate interests; consent for minors/health data where required.) PushPress enables app‑based reservations, profile updates, check‑ins, and related functionality. PushPress Help Center

2. Payments & billing: membership dues, class packs, retail sales, refunds, debt collection prevention. Payments are processed via Stripe through PushPress. (Legal bases: contract; legal obligation; legitimate interests.) PushPress Help Center+1

3. Safety & compliance: incident logging, facility access records, CCTV, fraud prevention, enforcing gym rules. (Legal bases: legitimate interests; legal obligation.)

4. Communications: booking confirmations, waitlist notices, schedule changes, service messages, and—if you opt in—marketing messages about classes, events, and offers. PushPress and Intellisite help deliver these communications (email/SMS/push). PushPress’ policy notes it and providers may send direct SMS communications. (Legal bases: contract; legitimate interests; consent for marketing where required.) PushPress

5. Marketing & analytics: cookie‑based analytics, ad measurement, and audience creation where permitted. (Legal bases: consent/opt‑out as applicable.)

6. Legal & risk: recordkeeping, tax/audit, responding to lawful requests, and exercising legal claims.

4) How we share information (categories of recipients)

We do not sell your personal information. We share it with:

• Service providers/processors: PushPress (member app/portal), Intellisite (CRM/marketing), payment processors (e.g., Stripe via PushPress), email/SMS/push providers, web hosts, analytics and security vendors, IT support. PushPress’ policy explains its use of third parties (e.g., SMS providers) and cookies/online tracking. PushPress

• Event & competition partners you register with through us;

• Professional advisors (legal, insurance, accounting);

• Authorities when required by law or to protect rights/safety;

• Successors in a business sale/merger.

When required (e.g., EU/UK GDPR), we maintain data processing agreements and ensure appropriate safeguards for sub‑processors. (PushPress publishes GDPR guidance clarifying you—as our vendor—act as processor while we remain the controller.) PushPress

5) SMS, calls & push notifications

• Transactional messages. We and/or PushPress/Intellisite send service messages (e.g., booking confirmations, waitlist notifications, receipts). PushPress’ documentation confirms the app sends push notifications for waitlist openings, and the platform can send email or SMS. PushPress Help Center+1

• Marketing messages. With your consent (or as permitted by law), we may send promotional emails/SMS. You can opt out anytime (reply STOP for SMS or use unsubscribe links).

• Carrier disclosures. Message frequency may vary; message & data rates may apply; carriers aren’t liable for delayed/undelivered messages. For help, reply HELP or contact us. PushPress

• Call recording/AI voice. If enabled, we will disclose recording at the start of calls and obtain consent where required. Recordings/transcripts (if any) are used for training/quality and retained per §8.

6) Children & minors

Minors may participate only with verified parent/guardian consent. We do not knowingly market to children. Parents/guardians may request access or deletion of a minor’s data at any time (subject to legal/health & safety recordkeeping).

7) International transfers

If data moves outside your country/region (e.g., to the U.S.), we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, plus technical/organizational measures. You can contact us for details.

8) Retention

We keep data only as long as needed for the purposes above, including to meet legal, tax, accounting, and safety obligations. Typical retention:

• Membership/contracts & waivers: [up to 7 years] after last activity;

• Payment records: [7 years];

• Communications & support: [2–3 years];

• CCTV: [30–60 days] unless required for incident review;

• Marketing preferences: until you opt out or your account is deleted;

• Health/injury reports: the longer of legal limitation periods or [7 years].

9) Your privacy rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing, and to withdraw consent at any time (without affecting prior lawful processing). You also have the right to lodge a complaint with your data protection authority.

How to exercise:

• Email us at [privacy@innov8mma.com]; and/or

• Manage parts of your profile, payment method, and reservations directly in the PushPress Member App (e.g., update email/phone/address/DOB, emergency contact, headshot, payment card on file, view invoices and attendance). PushPress Help Center

We will verify your request and respond within applicable timelines.

10) Cookies & online tracking

We use cookies and similar technologies on our websites and in third‑party services we embed (e.g., PushPress portal/pages). These support core functionality, security, analytics, and (if enabled) advertising/retargeting.

• Controls: You can manage cookies through our banner (where shown) and your browser settings.

• Global Privacy Control (GPC): We honor GPC signals where required.

• PushPress cookies/SDKs: PushPress and its service providers may use cookies and other tracking to deliver and improve the app/portal experience and for safety/anti‑fraud, per its privacy policy. PushPress

11) Security

We implement administrative, technical, and physical safeguards (access controls, encryption in transit, role‑based permissions, training, etc.). No system is 100% secure; please protect your account credentials and notify us of any suspected misuse.

12) Third‑party links & services

Our Services may link to or integrate with third‑party sites or tools (e.g., payment processors, event systems). Their privacy practices are governed by their own policies. When you use PushPress (app or portal), your use is also subject to PushPress’ Terms and Privacy Policy. PushPress

13) Region‑specific notices

A) United States — “Notice at Collection” (CA/VA/CO/CT/UT and similar)

• Categories collected: Identifiers; customer records; commercial information; internet/electronic activity; geolocation (via PushPress app/portal); audio (if calls recorded); inferences (basic segmentation for marketing); and limited health/safety notes you provide. PushPress

• Purposes: As in §3.

• Sensitive data: Health/injury notes used only for safety/training; no “precise” geolocation unless you allow it in the app.

• Sale/Share: We do not sell personal information. If we ever “share” data for cross‑context behavioral advertising (as defined by CPRA), we will honor opt‑out requests and GPC.

• Non‑discrimination: We will not discriminate against you for exercising your rights.

B) EU/UK GDPR

• Legal bases: contract, legitimate interests (e.g., facility safety, fraud prevention, service communications), consent (e.g., marketing; special‑category health data), and legal obligations.

• Controller/processor roles: We are the controller; PushPress/Intellisite act as processors on our behalf. PushPress’ GDPR page reiterates your (our) responsibilities as controller. PushPress

• Transfers: safeguarded per §7.

• DPO/Representative: [If applicable, insert details.]

C) Australia (if applicable)

We comply with the Australian Privacy Principles; you can access/correct data and make complaints to the OAIC if unresolved.

14) Data about others

If you provide data about another person (e.g., emergency contact, a minor under your guardianship), you represent you are authorized to do so and have shared this Policy with them where appropriate. PushPress similarly expects you to have authority when you disclose others’ information connected to its services. PushPress

15) Changes to this Policy

We may update this Policy. We’ll notify you of material changes by email/app or by posting an updated date at the top of this page.

16) How to contact us

Questions or requests?
Email: [privacy@innov8mma.com]
Mail: [INNOV8 MMA, Address]
If you’re in the EU/UK/AU, you may also contact your supervisory authority.

Schedule A — Data Map & Typical Recipients

CategoryExamplesPrimary Purpose(s)Typical RecipientsIdentity & ContactName, email, phone, DOB, emergency contactAccount creation, bookings, safetyPushPress (member app/portal); Intellisite (CRM/communications) PushPress Help CenterMembership & AttendancePlans, reservations, check‑ins, waitlistsProvide classes, capacity mgmt, liability logsPushPress (reservations/check‑ins/waitlists) PushPress Help CenterPaymentsInvoices, payment method, history (tokenized)Billing and refundsStripe via PushPress; accounting tools PushPress Help Center+1CommunicationsEmail/SMS/push, support ticketsService updates, marketing with consentPushPress & Intellisite; email/SMS providers; push services PushPress Help CenterDevice/Usage/LocationDevice data, app events, approximate locationSecurity, abuse prevention, app functionalityPushPress & its providers (as per its policy) PushPressHealth/SafetyPAR‑Q, injury notes, incident reportsSafety, training modifications, insuranceInternal staff; incident/insurance partnersVisual/CCTVFacility video, event photosSecurity; marketing (with consent)Security vendors; marketing platforms (if consented)

Schedule B — Cookie Notice (summary)

We use strictly necessary, functional, analytics, and advertising cookies. You can manage preferences via our cookie banner and your browser. PushPress and its providers may place cookies and use SDKs in their app/portal for functionality, analytics, security, and communications, per their policy. PushPress

Vendor references (for transparency)

• PushPress — Member App/Portal, reservations, check‑ins, waitlists, digital documents, communications; collects certain data (including location) and may send direct SMS/push notifications; integrates with Stripe for payments. Stripe+3PushPress+3PushPress Help Center+3

• Intellisite — Our CRM & marketing automation platform used to store contact information, manage pipelines/appointments, and deliver emails/SMS/voice messages we send on our behalf.

• info@intellisite.co