Privacy
← HomePrivacy Policy
Last updated: 9 July 2026
The short version
Build without an account and your workout never leaves your browser — drafts live in your browser's local storage, and .FIT files are generated on your device. We collect data only when you sign in or pay, and we collect the minimum: your email, your saved workouts, and (via Paddle) your purchase. No ads, no tracking cookies, no selling data.
What we collect and why
- Account: your email address, and — if you sign in with Google — your name and profile picture. Used to sign you in and identify your library.
- Saved workouts: stored only if you press Save, so they can appear on your other devices. Delete them any time.
- Payments: handled entirely by Paddle. We never see your card details; we receive only your entitlement (what you bought) and the email it belongs to.
- Server logs: standard request logs (IP address, user agent) kept briefly by our hosting provider for security and debugging.
Cookies
One session cookie when you sign in, plus short-lived cookies needed to make sign-in work (CSRF protection). No advertising or cross-site tracking cookies.
Who processes it
| Vercel | Hosting and server infrastructure |
| Neon | Database (accounts and saved workouts) |
| Optional sign-in with Google | |
| Resend | Sending sign-in link emails |
| Paddle | Payments (merchant of record) |
Retention and deletion
Your account and saved workouts are kept until you delete them or ask us to. Email support@getrepfit.com from your account address and we'll delete your account and everything attached to it.
Your rights
Under UK GDPR you can request a copy of your data, correction, or deletion. Email support@getrepfit.com — there's not much to export, and we'll turn requests around quickly.
Changes
If this policy changes materially, we'll say so on the site. The date at the top always reflects the current version.