Privacy

← Home

Privacy Policy

Last updated: 9 July 2026

The short version

Build without an account and your workout never leaves your browser — drafts live in your browser's local storage, and .FIT files are generated on your device. We collect data only when you sign in or pay, and we collect the minimum: your email, your saved workouts, and (via Paddle) your purchase. No ads, no tracking cookies, no selling data.

What we collect and why

  • Account: your email address, and — if you sign in with Google — your name and profile picture. Used to sign you in and identify your library.
  • Saved workouts: stored only if you press Save, so they can appear on your other devices. Delete them any time.
  • Payments: handled entirely by Paddle. We never see your card details; we receive only your entitlement (what you bought) and the email it belongs to.
  • Server logs: standard request logs (IP address, user agent) kept briefly by our hosting provider for security and debugging.

Cookies

One session cookie when you sign in, plus short-lived cookies needed to make sign-in work (CSRF protection). No advertising or cross-site tracking cookies.

Who processes it

VercelHosting and server infrastructure
NeonDatabase (accounts and saved workouts)
GoogleOptional sign-in with Google
ResendSending sign-in link emails
PaddlePayments (merchant of record)

Retention and deletion

Your account and saved workouts are kept until you delete them or ask us to. Email support@getrepfit.com from your account address and we'll delete your account and everything attached to it.

Your rights

Under UK GDPR you can request a copy of your data, correction, or deletion. Email support@getrepfit.com — there's not much to export, and we'll turn requests around quickly.

Changes

If this policy changes materially, we'll say so on the site. The date at the top always reflects the current version.