Legal

Privacy Policy

Effective Date: March 7, 2026

RepRank (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the RepRank mobile application (“App”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the App.

1. Information We Collect

We collect information you provide directly to us, information generated through your use of the App, and limited technical data.

1.1 Information You Provide

  • Account Information: Email address when you register or sign in.
  • Body Stats: Bodyweight entries you choose to log within the App.
  • Workout Data: Exercises, sets, reps, and weights you record in the App.
  • Exercise Progress: Historical performance data and personal records (PRs) derived from your logged workouts.
  • Subscription Information: Purchase and subscription status managed through Apple in-app purchases and RevenueCat. We do not receive or store your payment card details — Apple handles all payment processing.

1.2 Automatically Collected Information

  • Device Information: Device model, iOS version, unique device identifiers, and app version.
  • Usage Data: Features used, screens viewed, crash reports, and diagnostic data collected via Apple's standard crash reporting.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provide core App functionality.
  • Calculate and display your rank based on your logged lifts.
  • Store and display your workout history and progress charts.
  • Process and verify your subscription status via RevenueCat and Apple.
  • Respond to support requests and inquiries.
  • Improve and develop new App features.
  • Monitor App performance and diagnose technical issues.
  • Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal bases for processing your personal data are:

  • Contract: Processing necessary to provide the App services you requested (e.g., storing your workouts, managing your account).
  • Legitimate Interests: Improving App features, diagnosing crashes, and ensuring security, where such interests are not overridden by your rights.
  • Legal Obligation: Complying with applicable law.
  • Consent: Where we explicitly request consent for specific processing activities.

4. Third-Party Service Providers

We share information with trusted third parties solely to operate the App. These providers are contractually required to protect your data and may not use it for their own purposes.

4.1 Supabase

We use Supabase as our backend database and storage provider. Your email address, workout history, exercise progress, and bodyweight data are stored on Supabase infrastructure. Supabase stores data on servers located in the United States (AWS us-east-1 by default). Data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs). Learn more at supabase.com/privacy.

4.2 RevenueCat

We use RevenueCat to manage in-app subscriptions and entitlements. RevenueCat receives your device identifier, purchase tokens issued by Apple, and subscription status. RevenueCat does not receive your payment card details. Learn more at revenuecat.com/privacy.

4.3 Apple

RepRank is distributed via the Apple App Store. Apple processes all in-app purchases. Your use of the App is also subject to Apple's Privacy Policy.

4.4 OpenAI

RepRank Pro includes an AI Coach feature. When you use this feature, your workout prompt is transmitted to OpenAI's API to generate a personalised programme recommendation. OpenAI may process this data in accordance with their own privacy policy. We do not send identifiable personal information (such as your name or email) to OpenAI — only the fitness-related prompt you enter. For users in the EEA or UK, OpenAI acts as a data processor under a Data Processing Agreement. Learn more at openai.com/policies/privacy-policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the App's services. If you delete your account, we will delete or anonymise your personal data within 30 days, unless we are required to retain it for legal or regulatory reasons (e.g., financial records relating to purchases).

6. Your Rights

6.1 GDPR Rights (EEA / UK Users)

If you are in the EEA or UK, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data (“right to be forgotten”).
  • Restrict or object to certain processing activities.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK or your national data protection authority in the EU).

6.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell about you.
  • Delete personal information we have collected from you.
  • Opt-out of the sale of your personal information. (We do not sell personal information.)
  • Non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, contact us at support@repunlock.app. We will respond within 30 days (or as required by applicable law).

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Row-level security (RLS) policies on Supabase so users can only access their own data.
  • Authentication via Supabase Auth (email + password with hashed storage).
  • Regular dependency updates and security reviews.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

RepRank is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us immediately at support@repunlock.app and we will take steps to delete such information.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States. When transferring data from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data is protected.

10. Links to Third-Party Sites

The App may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page. For material changes, we will notify you via in-app notification or email. Your continued use of the App after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: