Information we collect
Account information
When you sign in with Apple (iOS) or Google (Android), or create an account, we collect your email address (or a private relay email if you choose to hide it). If your sign-in provider shares it, we may receive your display name and profile photo to personalize your profile. We do not collect your name unless you or your provider supplies it.
Workout data
The App stores your workout templates, exercise logs, sets, reps, weights, durations, rest times, and progress photos. This data is stored locally on your device and, if you sign in, synced to our backend (Supabase) for backup and cross-device access.
Health data
With your explicit permission, the App reads the following from Apple Health (iOS) or Health Connect (Android) to provide personalized insights:
- Body weight
- Sleep analysis
- Heart rate (including resting heart rate)
- Body fat percentage
- Active energy / calories burned
The App writes your completed workouts (and the calories burned) back to Apple Health or Health Connect so they count toward your activity goals.
Our promiseHealth data is processed on your device and is never sold, used for advertising, or shared with third parties for marketing purposes. Health data is not transmitted to our servers in raw form. When you use the AI Coach, only aggregated, non-identifying summaries (e.g., weekly average sleep hours) may be sent to our AI processing partner to generate insights.
Location data
For outdoor cardio workouts (e.g., running, walking, cycling), the App uses your device's precise location while a tracking session is active to measure distance, route, and pace. Location is collected only during an active cardio session, is used solely to compute your workout metrics, and is not used for advertising. Route data is stored with your workout and, if sync is enabled, backed up to our backend. You can decline the location permission and still use all other features.
Photos
If you choose to attach photos to your workout progress, those photos are stored locally on your device and, if account sync is enabled, encrypted and uploaded to our backend.
Subscription & purchase data
Subscription purchases are processed by Apple (App Store) or Google (Google Play Billing), and your subscription status is managed by our subscription provider RevenueCat. We receive a receipt and an anonymous app user ID verifying your subscription status, but we do not have access to your payment card information.
Diagnostic information
We do not run any third-party analytics or crash reporting SDKs. The App Store and Google Play may collect anonymous diagnostic information through their standard platform mechanisms; you can disable this in your device privacy settings (iOS Settings → Privacy & Security → Analytics, or Android Settings → Google → Usage & diagnostics).
How we use your information
- To provide and operate the App's core features (workout tracking, history, charts)
- To measure distance, route, and pace during outdoor cardio workouts
- To sync your data across your devices when you sign in
- To generate personalized AI Coach insights (Pro subscribers only)
- To process subscription purchases and verify entitlements
- To respond to support requests
Third-party services
Our backend for authentication and data sync. Supabase stores your account email, workout data, and (if applicable) attached photos.
Privacy policyThe AI Coach uses the Claude API to generate plans, weekly reviews, and chart explanations. We send only goals, training-history summaries, and aggregated metrics — never raw health records. Anthropic does not train on this data.
Privacy policyManages and verifies subscription entitlements across platforms. RevenueCat receives purchase receipts and an anonymous app user ID, but not your payment card details.
Privacy policyData retention
We retain your account data for as long as your account is active. You can delete your account at any time from Settings → Account → Delete Account. Upon deletion, your account, workout history, and synced data are permanently removed from our servers within 30 days. Local data on your device is removed when you uninstall the App.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to certain processing
- Withdraw consent for processing where consent is the legal basis
To exercise these rights, contact us at the email below. EU/UK users have rights under GDPR; California users have rights under CCPA/CPRA.
Children's privacy
Repto is rated 12+ and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover such collection, we will delete the data promptly.
Security
We use industry-standard encryption in transit (HTTPS/TLS) and at rest. Our backend is hosted by Supabase with row-level security policies. However, no system is perfectly secure, and we cannot guarantee absolute security.
International transfers
Our backend is hosted in Sydney, Australia (Supabase ap-southeast-2). If you are accessing the App from outside that region, your data is transferred to and processed there.
Changes to this policy
We may update this Privacy Policy from time to time. The "Effective date" at the top will reflect the latest version. Material changes will be communicated through the App or via email.
Contact us
For privacy questions, data requests, or any other concerns, reach out any time.