Glimetry logo Glimetry
Privacy Architecture

What data goes where — and what never moves

This is not a legal privacy policy. It's a visual, plain-English breakdown of exactly how data flows through Glimetry and what is structurally impossible for employers to see.

Data flows

Three actors. Three separate data scopes.

👤
Employee
Only you can see this data
Personal profile (name, email)
Individual gym check-in history
Daily engagement score breakdown
Wearable / Apple Health data
Sleep and heart-rate records
Medication or health condition details
Monthly qualification status
🏢
Employer
Aggregate, anonymized metrics only
Total enrolled employees (count)
Average engagement score (mean)
Participation rate (%)
Completion rate (% hitting target)
Activity mix breakdown (gym/wearable/sleep %)
Est. monthly savings (benchmark-based)
✗ No individual names, scores, or records
🏋️
Fitness Studio
Only your studio's check-in data
Anonymized member ID (not name)
Check-in timestamp at your location
Monthly check-in count per member ID
✗ No employer, benefit, or health info
✗ No medication or weight data
✗ No cross-studio data sharing

The wall

What is structurally impossible to see

These aren't just policy promises — they're architectural constraints. The employer portal queries only aggregate tables. Individual records are never joined to employer-visible queries.

🚫 Employers can never see
  • Employee names or identifiers linked to scores
  • Individual check-in history or workout logs
  • Weight, BMI, or medication-related data
  • Which specific medications employees take
  • Sleep records or heart rate data by person
  • Gym membership details or which gym they use
  • Any data below population-level aggregation
Employees always control
  • Whether to participate in the program at all
  • Which data sources they connect (Apple Health, wearable, manual)
  • Their difficulty tier and monthly targets
  • The ability to disconnect at any time
  • Access to their full personal activity history
  • Request for data deletion

How verification works

4 steps from check-in to employer dashboard

01
Employee
QR scan at the gym
The employee opens the Glimetry app and displays their unique QR code at the studio front desk. The code contains only an anonymized session token — no personal data.
02
Studio
Check-in logged
The studio's dashboard scans the QR and records a timestamped check-in event linked to the anonymized member ID. The studio sees only their own location's data.
03
Employee
Score updated
The verified check-in is added to the employee's engagement score. The employee sees their updated score in real time. No employer can see this individual update.
04
Employer
Aggregate refreshed
The employer's dashboard aggregate metrics (average score, participation rate, completion rate) are recalculated. No individual record is ever exposed — only the population-level numbers change.

Have more questions about privacy?

Read the FAQ or contact us directly at hello@glimetry.com

Read the FAQ → hello@glimetry.com