Privacy Policy for Repgrit

Effective Date: May 6, 2026

This Privacy Policy explains how Repgrit ("Repgrit", "we", "us") processes information when you use the Repgrit iOS app, any related Apple Watch components, and the Repgrit website.

This document is provided for transparency and GDPR compliance. It is not legal advice.

1. Data Controller

Controller: Denis Kobliha (IČO: 09570446)

Business address: Březnice 642, 760 01, Czech Republic

Contact: support@repgrit.com

If you are in the EEA/UK/Switzerland, Repgrit acts as the "controller" of your personal data (GDPR/UK GDPR terminology).

2. What We Process

A. Account Data

When you sign in (Sign in with Apple), we process:

  • Email address (if provided by Apple)
  • User identifier (your Supabase user ID)

B. Profile & Preferences

We process profile settings stored in our backend, such as:

  • Experience level
  • Preferred units
  • Timezone

C. Workout Data (User Content)

We process the content you create in the app, including:

  • Workout notes you type (raw text)
  • Structured workout data derived from notes (e.g., exercises, sets, reps, weight)
  • Timestamps (created/updated time)

D. Apple Health Data (Optional)

If you connect Apple Health, Repgrit may read certain HealthKit data, such as:

  • Sleep analysis
  • Heart Rate Variability (HRV)
  • Resting heart rate
  • Steps
  • Other recovery-related metrics shown in the app

E. Subscription Data

If you purchase Repgrit Pro, Apple processes payments. Repgrit does not receive your payment card or billing details. Repgrit receives and stores limited subscription entitlement information needed to unlock Pro features, such as your current entitlement tier, source, and expiry time.

F. Website Data

If you visit repgrit.com, we may use consent-based website analytics cookies through Plausible Analytics if you opt in. You can reject analytics cookies or withdraw analytics consent through the website cookie controls. Required cookies or local storage used for site operation and consent state may still be used.

G. Diagnostic Data

We aim to minimize logging. The app may generate standard device logs for troubleshooting. Our backend logs operational metadata needed for security, reliability, abuse prevention, and quota enforcement, but we do not intentionally log your workout notes or AI prompts/responses.

H. Support Requests

If you contact us for support, we may process your email address and the content of your message to respond to your request.

3. Why We Process Data (Purposes)

We process your data to:

  • Provide core app functionality (workout tracking, parsing, stats, coaching insights)
  • Sync your data across devices
  • Provide optional Apple Health-based recovery features
  • Provide customer support and respond to requests
  • Handle subscriptions and entitlements
  • Protect the service from abuse, troubleshoot operational issues, and maintain security
  • Run consent-based website analytics if you opt in on repgrit.com

4. AI / LLM Processing

Repgrit can use a third-party LLM provider (Groq or OpenRouter) to convert workout notes into structured workout data, and to assist with import-related translation/matching.

When this feature is used, relevant workout text (and import text) is sent to our backend proxy, which then sends the request to the configured LLM provider for processing. We aim to send only the text needed for the specific AI feature. You should avoid entering unnecessary sensitive personal information into free-form notes.

We use this server-side architecture to avoid exposing provider credentials in the iOS app and to keep tighter control over logging, access, and vendor configuration.

Repgrit does not intentionally retain AI prompts or AI responses in its logs. LLM providers may temporarily process or retain limited data for abuse prevention, security, reliability, or troubleshooting, depending on their service terms and our configuration.

5. Legal Bases (GDPR)

If you are in the EEA/UK/Switzerland, our main legal bases are:

  • Performance of a contract (Art. 6(1)(b)): to provide the app features you request (account, sync, workout storage, parsing).
  • Consent (Art. 6(1)(a)): for optional features such as Apple Health connectivity and optional website analytics. You can withdraw Apple Health consent by disconnecting Apple Health in the app and/or changing permissions in iOS Settings. You can withdraw website analytics consent through the website cookie controls.
  • Legitimate interests (Art. 6(1)(f)): for service security, abuse prevention, operational troubleshooting, and limited support record keeping, where those interests are not overridden by your rights.
  • Explicit consent (Art. 9(2)(a)): for optional Apple Health access and related recovery features when that data is considered health data under GDPR.

Workout logs and training notes can be health-like because they describe exercise, performance, pain, fatigue, or recovery. We process this data to provide the workout tracking service you request, and we apply extra safeguards such as access controls, backend row-level security, prompt minimization, and blocking Apple Health/recovery-derived data from external AI flows.

6. Sharing & Processors

We share data with the following categories of processors to operate Repgrit:

  • Hetzner (hosting provider): we host our backend infrastructure (including a self-hosted Supabase stack) on Hetzner VPS in the EU.
  • Groq / OpenRouter: LLM APIs used, via our backend proxy, to parse workout notes and assist import.
  • Apple: App Store distribution, payments, and subscription infrastructure (StoreKit).
  • Plausible Analytics: website analytics on repgrit.com only if you opt in.

We do not sell your personal data and we do not use third-party advertising SDKs.

7. International Transfers

Our primary application hosting is in the EU. However, some service providers we use for specific features may process data outside the EEA.

In particular, if you use AI features, the relevant workout or import text may be processed by Groq or OpenRouter, which are U.S.-based providers. This means personal data included in that text may be transferred to and processed in the United States.

Where required, we rely on appropriate safeguards for such transfers, such as contractual commitments and the European Commission's Standard Contractual Clauses (SCCs).

8. Retention & Deletion

  • We retain synced data while your account is active.
  • We retain backend subscription entitlement state while needed to provide Pro access and sync subscription status.
  • You can delete your account in the app (Settings → Delete Account). This deletes your Supabase user account and, via cascading deletion, your profile and synced workouts.
  • On-device data can be removed by deleting the app from your device.
  • Website analytics cookies and consent state are managed through the website cookie controls.

Operational backups may retain data for a limited period after deletion. Backup retention: 30 days.

9. Security

We apply reasonable technical and organizational measures, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls and least-privilege access
  • Row Level Security (RLS) in the database to restrict data access to the authenticated user
  • Server-side handling of AI provider credentials rather than embedding them in the iOS client

10. Your Rights

Where applicable, you have rights including:

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction (Art. 18)
  • Portability (Art. 20)
  • Objection (Art. 21)
  • Withdrawal of consent (where consent is used)

To exercise rights, use in-app tools (export/delete) or contact support@repgrit.com. We may need to verify your identity and will respond within the legally required timeframe (typically 1 month under GDPR).

You also have the right to lodge a complaint with your local supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (UOOU).

11. Children's Privacy

Repgrit is not directed to children. If you are under the age required in your country to use online services, use Repgrit only with parent or guardian permission. We do not knowingly collect personal data from children in violation of applicable law.

12. Medical Disclaimer

Repgrit is NOT medical advice. The app is for informational and tracking purposes only. Always consult a healthcare professional before starting or changing an exercise routine. Use of Repgrit is at your own risk.

13. Changes

We may update this Privacy Policy from time to time. We will update the effective date above and, where required, provide notice in the app or on our website.

14. Contact

Questions or requests: support@repgrit.com