Privacy Policy
Last updated: May 5, 2026
This Privacy Policy describes how your personal information is collected, used, and shared when you use the RepGPT application ("the App").
1. Information We Collect
Account Information
- Email address, first name, last name, date of birth, gender
- Hashed password (we never store your password in plaintext)
Profile & Training Context
- Experience level, equipment access, sessions per week, average session length
- Unit preferences (kg/lbs, km/mi, cm/ft-in)
Health & Fitness Data
- Weight, body fat percentage, muscle mass, height
- Workout logs: exercises performed, sets, reps, weights, duration
- Workout templates and schedules
- Fitness goals, injuries, and medical notes you provide
- Optional advanced metrics: reps in reserve (RIR), rep quality, rep speed, pain level/notes
AI Chat Data
- Messages you send to the AI personal trainer
- AI-generated workout plans and recommendations
What We Do Not Collect
- We do not use any third-party analytics SDK (no PostHog, Mixpanel, Amplitude, Firebase, etc.)
- We do not use any crash-reporting SDK (no Sentry, Crashlytics, etc.)
- We do not collect advertising identifiers (IDFA) and we do not share data with advertising networks
- We do not access your camera, microphone, photos, contacts, or location
2. How We Use Your Information
- Personalization: Tailoring AI workout recommendations to your goals, experience level, equipment, and health constraints
- Service operation: Storing your workout history, tracking progress, managing your account
- AI training recommendations: Processing your chat messages to generate workout plans via AI
- Communication: Sending account-related emails (verification, password reset)
3. Third-Party Services
We share data with the following third-party services:
| Service | Data Shared | Purpose |
|---|---|---|
| OpenAI | Chat messages, user profile context (goals, injuries, experience level), recent workouts | Generating AI workout recommendations (default provider) |
| Anthropic (Claude) | Chat messages, user profile context, recent workouts | Generating AI workout recommendations (alternative provider, optional) |
| Resend | Email address | Transactional emails (verification, password reset) |
| Fly.io | All application data | Cloud hosting of our backend and database |

Bring Your Own Key (BYOK): You can optionally configure your own OpenAI or Anthropic API key in Profile → AI Settings. Keys are stored only on your device using iOS Secure Enclave (Expo SecureStore) and are never transmitted to our servers. When BYOK is configured, chat data is sent to the provider you chose using your key, under their terms of service.

Push notifications: Rest-timer notifications are scheduled and delivered locally on your device only. No notification content is transmitted to our servers or any third party.
4. Data Retention
- Your data is retained for as long as your account is active.
- When you delete your account, all associated data is permanently removed from our servers, including workout logs, health metrics, chat history, goals, injuries, and medical notes.
- Backups containing deleted data may persist for up to 30 days before being purged.
5. Your Rights
You have the right to:
- Access your data: You can export all your data from the App (workout logs, health metrics, profile information).
- Delete your data: You can delete your account and all associated data at any time from the Profile screen.
- Portability: You can export your data in standard formats (JSON/CSV).
- Correction: You can update your profile information at any time.
For EU/EEA Residents (GDPR)
- Lawful basis: We process your data based on your consent (account creation) and legitimate interest (service operation).
- Data controller: Contact us at the email below.
- You have the right to lodge a complaint with your local data protection authority.
For California Residents (CCPA)
- We do not sell your personal information.
- You have the right to know what data we collect and request its deletion.
- You will not be discriminated against for exercising your privacy rights.
6. Data Security
We use industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS)
- Hashed passwords (bcrypt)
- JWT-based authentication
- Encrypted token storage on device
7. Children's Privacy
The App is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover we have collected data from a child under 16, we will delete it promptly.
8. AI Disclaimer
AI-generated workout plans and recommendations are for informational purposes only. They do not constitute medical advice. Always consult a qualified healthcare professional before starting any exercise program, especially if you have existing health conditions or injuries.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and updating the "Last updated" date.
10. Contact Us
For privacy inquiries, data requests, or questions about this policy, contact us at:
Email: support@rep-gpt.com