July 06, 2021
Cloud-to-Cloud Backup

Types of Data Fitness Clubs Need to Backup, and Why

Gyms, fitness, and health centers may be in-person institutions, but their data lives online–and needs to be properly backed up and maintained. The fitness industry is worth more than $38 billion, and expected to continue growing, data points included.

As management systems continue to move online, cloud-based SaaS platforms like Microsoft 365 are convenient, easy, and reliable to use. For health and fitness centers, cloud-based platforms can help streamline operations, store client information, and improve member experience. With so much data to store and protect, fitness centers need to have strong retention and backup policies in place.

However, there are some drawbacks and factors to consider when using platforms like Microsoft 365 and Google Workspace. Health and fitness companies often utilize lower level licenses since their data storage and collaboration needs are typically more minimal, for example leveraging Google for a professional email address to reach out to clients. While lower level licenses are cost effective, they don’t offer the native retention rate of an enterprise-level Microsoft 365 license.

As a result, the risk of malicious or accidental data deletion poses a significant risk that fitness companies need to anticipate, mitigate, and protect against.

Read on to learn what types of data fitness companies need to backup, how backup vendors can minimize security risk, and fill retention gaps.

Microsoft 365 Shared Responsibility and Retention Rules to Pay Attention to

When using Microsoft 365 or Google Workspace, it’s important for companies to understand Microsoft 365 and Google Workspace’s retention policies, and the fact that each operates on a shared responsibility model, meaning it will protect some of your data, but not all. The following is a breakdown of these policies:

The Shared Responsibility Model

Under the shared responsibility model, platforms like Microsoft 365 and Google Workspaces will protect against:

  • Service interruptions due to software or hardware failure: Software and hardware failures happen all the time, but Microsoft 365 and Google Workspace are able to keep your data from getting lost during these situations.
  • Loss of service due to natural disaster or power outage: Additionally, Microsoft 365 and Google Workspace will retain and restore your data should a natural disaster or unexpected power outage occur.

This means companies are responsible for the following:

  • Accidental deletion: If a Microsoft or Google user accidentally deletes data, that data will not be recoverable without a backup system in place.
  • Ransomware and hackers: Unsuspecting fitness companies can fall victim to cyber attacks, and run the risk of their data on Microsoft 365 or Google Workspaces becoming encrypted and unavailable.
  • Malicious insiders: If a disgruntled and recently fired trainer or gym staff has access to your Microsoft 365 platform, they could wreak havoc by deleting important files and information.

Download our Shared Responsibility Infographic here.

Retention Policies

In conjunction with the shared responsibility model, Microsoft 365 and Google Workspaces maintain their own data retention policies. These policies indicate how long deleted data is kept in each platform’s systems before being permanently deleted–and no longer restorable. Check out what each platform will, and won’t retain below.

Microsoft 365 retention policies:

  • Microsoft 365 will retain customer data from Word, Excel, PowerPoint, Outlook, and OneNote.
  • For active deletion scenarios, which is when a user manually deletes data, the retention period is only 30 days.
  • For passive deletion scenarios, which is when the subscription period for a tenant expires, the retention period is no more than 180 days.
  • For Exchange Online, there are both hard and soft deletions when it comes to mailboxes and emails. Soft deleted data remains in Azure Active Directory for 30 days. A hard delete occurs when a soft deleted mailbox sits in Azure for longer than 30 days.
  • SharePoint Online data is retained for 93 days after being deleted from its original location. The item is then moved to the Recycling Bin, where it will remain until it is removed.

Get more information on how Backupify supplements native retention policies here. 

Google Workspaces retention policies:

  • Google Vault allows companies to retain, archive, search, and export email and chat messages for compliance and eDiscovery purposes.
  • Google Vault only retains Mail and Drive, and does not cover Contacts and Calendar.
  • Retention rules can be configured to control how long email and messages and chat are retained before they are removed from user mailboxes and deleted from Google systems.
  • Google keeps data available to Vault for approximately 30 days before it is fully purged.


Types of Data For Fitness Companies to Backup and Protect

What kind of data do fitness companies need to protect? Their top priority should be client data, along with the following:

  • Class schedules: If an Excel sheet with class times and rooms was deleted, a gym would lose valuable time to reimagine or resume schedules as planned.
  • Employee and trainer financial information: Fitness centers can have a lot of staff and part-time employees, like personal trainers, massage therapists, and cyclist instructors. It’s important to protect their personal financial data and records, and ensure they don’t get deleted or fall victim to cyber threats.
  • Client leads: Losing the information of potential client leads could cause companies to miss out on financial gains, or risk poor customer service reviews.
  • Gym equipment biometrics: Gyms now have apps and machines that are able to collect client biometrics, which can better optimize client fitness and goals. However, this is personal client data, which definitely needs to be protected and secured.
  • Marketing communications: Marketing collateral and gym promotions, reports, directories, as well as all internal and external communications, should be backed up.

It’s critical for fitness companies to backup and protect data, especially because so much of the data contains client information. You want to protect and backup your data for the following reasons:

  • Cyberthreats: Per the shared responsibility model, you don’t want to lose your data to hackers, ransomware or other Malware. Digital content stored in PDFs and JPEGs, like promotions, are ripe for ransomware attacks. When a file that’s stored in the cloud, like Microsoft 365, becomes under attack, you can lose access to all leads, names, and respondents who have engaged with your content. And, because they are static forms, you can’t roll back to a previous version.
  • Malicious insiders: Let’s say a trainer leaves a fitness club, and with them they try to take client information they want to bring to their next gym. Not only will they be in trouble for not collecting information legally, they can delete it from your system so you aren’t able to continue reaching out to your valid customers. Without safeguards in place, those valuable names can be impossible to relocate.

Discover more reasons to backup your data in the analyst report below.


SaaS Data Under Siege: Ransomware’s Rising Threat

Your cloud data could be just as vulnerable to the next wave of cyberattacks as data hosted on-premises

Office 365 logo

Secure Office 365 data protection. Backupify delivers fast recovery of Exchange, OneDrive, SharePoint Online, Calendar, Contacts and Microsoft Teams data.


Office 365 logo

Google Vault alone does not ensure your G Suite data is recoverable. Quickly restore lost data from Gmail, Calendars & Contacts, Drive and Shared Drives with Backupify.


See Why Backupify Wins SaaS Backup