Fitness Clubs and Gyms are being sued over how their websites track visitors under California Privacy Law. Plaintiffs' firms filed 800+ of these claims last year, with settlements running $1M+.Here's the catch: you don't need a California location to be a target. If your site uses Meta Pixel, Google Analytics, chat widgets, or session recording (most do), any California visitor is a potential plaintiff — especially if trackers fire before someone accepts a cookie banner. Fitness clubs face extra scrutiny because class bookings, health questionnaires, and body metrics count as health-adjacent data — the kind that draws the biggest settlements.
A physical presence in California is not required.
The law follows the consumer, not the company’s address. The CCPA applies to for-profit businesses that do business in California and meet any one of these thresholds:
The fix is straightforward, and most clubs are lower-risk than the headlines might suggest. We've put together a short advisory that walks you through a self-assessment to evaluate your risk level and the steps to close the gap.
For more information about the California Consumer Privacy Act (CCPA), visit the official California Privacy Protection Agency
This is general information only and isn't legal advice — consult your attorney about your specific situation.