What measures are in place to prevent unauthorized access to the system?

Sehal Sein

Dgymbook employs multiple layers of protection to prevent unauthorised access to your account and your members’ data.

Authentication controls

  • OTP-based login for members — Members log in via a one-time password sent to their registered phone number, eliminating the risk of weak or reused passwords.
  • Secure password storage — Gym owner and staff passwords are hashed and salted before storage, making them unreadable even if the database were ever compromised.
  • Session management — Login sessions expire after a period of inactivity, reducing the risk of unauthorised access from unattended devices.

Infrastructure security

  • HTTPS everywhere — All traffic to and from Dgymbook is encrypted via TLS, preventing man-in-the-middle attacks.
  • Firewalls and network controls — Dgymbook’s servers sit behind network-level firewalls that restrict access to only the ports and services required to run the application.
  • Access-controlled server environments — Direct server access is restricted to a small number of authorised engineers using key-based authentication. Password-based SSH access is disabled.

Application-level controls

  • Role-based permissions — Within your gym account, you control which staff members can access which features. Sensitive operations are restricted to authorised roles.
  • Data isolation — Each gym’s data is logically separated so that users from one gym cannot access data belonging to another.

Monitoring

Dgymbook continuously monitors for suspicious activity such as repeated failed login attempts and unusual access patterns. Alerts are triggered automatically for investigation.

For questions about account security, contact our support team.
