Privacy Policy

1. What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide when you register on the Services, express interest in our products, participate in activities on the Services, or contact us. This may include:

• Names and email addresses
• Contact or authentication data and passwords
• Fitness and workout data (exercises, sets, reps, weights, workout history)
• Body composition and health metrics (weight, body fat percentage, VO₂ max, and similar data you choose to log)

Sensitive Information

With your consent or as otherwise permitted by applicable law, we process health data, including fitness metrics, body composition data, and workout history.

Voice Consent

When you use the voice-controlled workout logging feature, we will request your explicit consent via an in-app permission prompt before capturing any voice audio. You may withdraw this consent at any time by disabling microphone access in your device settings. Revoking microphone access will disable the voice logging feature but will not affect other app functionality.

Payment Data

All payment data is handled and stored by Apple via its In-App Purchase system. We receive only limited transaction metadata (e.g., subscription status and purchase date) and do not receive or store your full payment details. See Apple's privacy notice.

Social Media Login Data

If you register using Sign in with Apple, we collect certain profile information from Apple as described in Section 7 below.

Application Data

If you use our application, we may also collect:

• Mobile Device Data. Device information such as device ID, model, manufacturer, operating system, version, IP address, and hardware model.
• Push Notifications. We may request to send you push notifications. You may turn these off in your device settings.
• HealthKit Data. With your explicit permission, we may read data from Apple HealthKit, such as workouts and activity data. We do not write data to HealthKit without your consent, and we do not use HealthKit data for advertising or share it with third parties for their independent use.

Information automatically collected

We automatically collect certain information when you use the Services, including:

• Device Data. IP address, device identification numbers, hardware model, operating system, and configuration information.
• Location Data. Approximate location based on IP address. You can opt out by disabling location permissions on your device.
• Voice Audio Recordings. Captured strictly with user consent. Voice data is transmitted to Deepgram for transcription and to OpenAI for contextual correction. Voice recordings are not retained by us after processing is complete.

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. How Do We Process Your Information?

We process your personal information for the following reasons:

• To facilitate account creation and authentication and manage user accounts.
• To deliver services to you, including generating workout plans, tracking fitness progress, and delivering rewards.
• To process voice commands by transmitting voice audio to Deepgram and OpenAI solely to transcribe and interpret your workout logging commands.
• To respond to user inquiries and offer support.
• To send administrative information about our products, services, and policy changes.
• To send push notifications about workouts, streaks, and rewards (where you have consented).
• To protect an individual's vital interest, such as to prevent harm.

3. What Legal Bases Do We Rely On?

We only process your personal information when we have a valid legal reason. We may rely on the following legal bases:

• Consent. You have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Performance of a Contract. Processing is necessary to fulfill our contractual obligations to you.
• Legal Obligations. Processing is necessary for compliance with our legal obligations.
• Vital Interests. Processing is necessary to protect your vital interests or those of a third party.

If you are located in Canada, we may process your information where you have given specific or implied consent, or in exceptional cases as permitted by law without consent (e.g., fraud investigations, legal proceedings).

4. When and With Whom Do We Share Your Personal Information?

We may share your personal information with the following third-party service providers under written data processing agreements:

• Convex — backend infrastructure and database services (privacy policy)
• Deepgram — voice transcription services (privacy policy)
• OpenAI — AI-powered workout logging correction (privacy policy)
• Apple — in-app purchase processing and Sign in with Apple authentication (privacy policy)

We may also share information in connection with a business transfer (merger, acquisition, or sale of assets) or when legally required to do so.

We do not sell your personal information to third parties. We do not share your personal information for third-party advertising purposes.

5. Do We Use Cookies and Other Tracking Technologies?

As a mobile application, Repps does not use traditional browser cookies. We may use mobile analytics SDKs to understand how you use the app — which features you access and how often. This information is used solely for internal analytics and improving our Services.

We may use Google Analytics for Firebase to track and analyze use of the Services. We do not use tracking technologies to serve you targeted advertisements, and we do not sell your data to advertisers.

6. Do We Offer Artificial Intelligence-Based Products?

Yes. Our AI products include:

• Speech-to-text / Transcription (powered by Deepgram)
• Contextual workout logging correction (powered by OpenAI)
• AI-powered workout plan generation and adherence tracking

Your voice data is transmitted to Deepgram solely for transcription and to OpenAI solely for contextual interpretation. We do not use your personal data to train third-party AI models beyond what is necessary to provide the Services, and our agreements with these providers restrict their use of your data accordingly.

7. How Do We Handle Your Social Logins?

Our Services offer Sign in with Apple. Where you choose to register this way, we receive certain profile information from Apple, which may include your name and email address (or Apple's private relay email address). We use this information only for the purposes described in this Privacy Notice. We are not responsible for Apple's use of your personal information — please review Apple's privacy notice.

8. How Long Do We Keep Your Information?

• Account and profile data — retained while your account is active. Upon deletion, we delete or anonymize your data within 30 days, except where retention is required by law.
• Voice audio recordings — transmitted to service providers for processing and not retained by us after the transaction is complete.
• Workout and fitness data — retained while your account is active. You may export or delete your data at any time via account settings.
• Analytics and usage data — retained for up to 24 months then deleted or anonymized.

9. How Do We Keep Your Information Safe?

We have implemented appropriate technical and organizational security measures, including encryption of data in transit and at rest, access controls, and regular security reviews. However, no electronic transmission over the Internet can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

10. Do We Collect Information From Minors?

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If you become aware of any data we may have collected from children under age 18, please contact us at support@getrepps.com.

11. What Are Your Privacy Rights?

Depending on your location, you may have rights to: access a copy of your personal information; request rectification or erasure; restrict or object to processing; data portability; and not be subject to automated decision-making. To make a request, contact us at support@getrepps.com.

If you are in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority. For GDPR inquiries, email us with "GDPR Request" in the subject line.

Account Information

To review, update, or delete your account: log in to account settings, or contact us at support@getrepps.com. Upon a deletion request, we will deactivate or delete your account within 30 days.

12. Controls for Do-Not-Track Features

We do not currently respond to DNT browser signals or other mechanisms that automatically communicate your preference not to be tracked online, as no uniform standard has been finalized. California law requires us to disclose this. If a standard is adopted in the future, we will update this notice accordingly.

13. Do United States Residents Have Specific Privacy Rights?

If you are a resident of California, Colorado, Connecticut, or other covered states, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain types of processing.

Categories of Personal Information Collected

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve months, and we will not sell personal information in the future.

How to Exercise Your Rights

Contact us at support@getrepps.com or visit getrepps.com. We will respond within 45 days as required by applicable law. To appeal a declined request, email us with "Privacy Appeal" in the subject line.

California "Shine The Light" Law

California residents may request, once per year and free of charge, information about categories of personal information we disclosed to third parties for direct marketing. Submit requests in writing to support@getrepps.com.

14. Do We Make Updates to This Notice?

Yes. We may update this Privacy Notice from time to time. The updated version will be indicated by the "Last updated" date at the top. We encourage you to review this notice frequently.

15. How Can You Contact Us?

16. How Can You Review, Update, or Delete Your Data?

You have the right to request access to, correction of, or deletion of your personal information. To make a request, visit getrepps.com or email support@getrepps.com.