
Privacy Policy

Last updated: March 30, 2026

REPMAX ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and website (collectively, the "Service").

1. Information We Collect

Account Information: When you create an account, we collect your email address, display name, and password (stored securely via Supabase Auth with bcrypt hashing).

Profile Data: Training preferences you provide during onboarding, including fitness goals, experience level, training schedule, preferred split, and available equipment.

Workout Data: Exercise logs, sets, reps, weights, workout duration, and performance metrics you input while using the Service.

Social Data: Friend connections, training invites, nudges, and messages exchanged through the social features.

Usage Data: We automatically collect device type, browser type, pages viewed, and interaction patterns through Firebase Analytics.

Waitlist Data: If you join our waitlist, we collect your email address to notify you when access is granted.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To generate AI-powered personalized workout programs based on your training data
  • To track your fitness progress and display statistics
  • To enable social features (friend connections, training invites, nudges)
  • To send you notifications about friend requests, training invites, and workout reminders (with your consent)
  • To process subscription payments (when available)
  • To improve the Service through aggregated, anonymized analytics
  • To communicate important updates about the Service

3. Data Storage and Security

Your data is stored securely on Supabase (hosted on AWS infrastructure) with Row Level Security (RLS) policies ensuring users can only access their own data. Authentication is handled through Supabase Auth with industry-standard encryption.

We implement the following security measures:

  • All data is transmitted over HTTPS with TLS encryption
  • Passwords hashed with bcrypt (never stored in plaintext)
  • Row Level Security on all database tables
  • JWT-based authentication tokens with expiration
  • API keys restricted to client-safe operations only

4. Third-Party Services

We use the following third-party services:

  • Supabase: Database, authentication, and real-time features
  • Firebase (Google): Push notifications via Firebase Cloud Messaging, and analytics via Firebase Analytics
  • OpenRouter: AI model routing and inference for workout program generation and AI Coach
  • Vercel: Web application hosting and CDN

Each third-party provider has its own privacy policy. We encourage you to review them.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We only share data:

  • With your explicit consent
  • With connected friends (limited to display name, workout count, and subscription status)
  • With third-party service providers necessary to operate the Service (as listed above)
  • If required by law or to protect our legal rights

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all associated data (profile, workouts, programs, social connections) is permanently deleted from our systems within 30 days.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data (available via Settings > Export Data)
  • Correction: Update your profile information at any time
  • Deletion: Delete your account and all associated data (available via Settings > Delete Account)
  • Portability: Export your workout data as CSV
  • Withdraw Consent: Disable notifications or revoke permissions at any time

8. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@repmax.app