Rep Log

Privacy Policy

Last updated: May 13, 2026

We built Rep Log to help you track your training and nutrition — not to monetise your personal data. This policy explains what we collect, why, and how you can control it. It applies to both our web app at rep-log.com and our iOS application.

1. What we collect

  • Account info — your email address, collected when you sign up via email, Google, or Apple. With "Sign in with Apple" you can choose to share your real email or use Apple's private relay address (a forwarding address that hides your real email). Either way, we only receive the email you authorise Apple to share. On first sign-in only, Apple may also share your name if you choose to.
  • Fitness & nutrition data — workouts, sets, reps, weights, meals, and nutrition logs that you enter yourself.
  • Health data (Apple Health / HealthKit) — if you enable HealthKit on iOS, we may read steps, active calories, resting calories, body weight, and workout data, and we may write workouts you log in Rep Log back to Apple Health. HealthKit data is processed only on your device and synced to your Rep Log account; it is never used for advertising or sold. You can revoke HealthKit permissions at any time in iOS Settings → Privacy & Security → Health → Rep Log.
  • Photos for AI features — if you use AI meal scan, or AI label scan (the barcode fallback for foods we haven't seen before), the photo you take is sent to Google's Gemini AI for analysis and is not stored on our servers after analysis completes.
  • Usage analytics — pages visited, features used, and session duration, collected via PostHog to help us understand how the app is being used.
  • Crash & performance diagnostics — if the app crashes or hits an error, we collect a crash report (stack trace, app version, iOS version, device model) via Sentry to help us diagnose and fix bugs. Diagnostic reports do not contain your email, workout content, or meal photos. You can disable diagnostics at any time in iOS Settings → Privacy → "Share diagnostic data".
  • Device info — browser type or iOS version, operating system, device model, and approximate location (country level), collected by PostHog. On iOS we do not collect IDFA (Identifier for Advertisers) and do not track you across other apps or websites.
  • Push notification tokens (iOS) — if you enable notifications, we store your Apple Push Notification (APNs) token to send you reminders and updates. You can disable notifications at any time in iOS Settings.
  • Voice input (iOS) — when you use voice-to-text to log a workout or meal, speech recognition runs on-device using iOS's built-in SFSpeechRecognizer. Audio never leaves your iPhone — only the transcribed text reaches Rep Log. You can disable microphone access at any time in iOS Settings → Privacy & Security → Microphone → Rep Log.
  • Barcode scans & product contributions — when you scan a food barcode, we look it up in our public product cache, then in Open Food Facts (a third-party open database). If the product isn't found in either, the photo of the label is sent to Google Gemini to extract nutrition info; the extracted product data is then saved back to our public cache so the next user benefits. Cached product entries are anonymous — they are not tied to your user ID.
  • Subscription status — if you subscribe to Rep Log Pro, we store your subscription tier (free or pro), expiration date, and Apple's original transaction ID so the app knows what to unlock. Payment details are handled by Apple — see "Third-party services" below.

2. How we use your data

  • To provide the core app functionality — storing and showing your workouts and nutrition.
  • To improve the app — PostHog analytics tell us which features are used and which aren't.
  • To respond to support requests when you contact us.
  • To send you push notifications you've opted into (workout reminders, weekly summaries).

We never sell your data. We never use your data for advertising — ours or anyone else's. We never share HealthKit data with third parties.

3. Where your data is stored

Your data is stored on Supabase infrastructure in Frankfurt, Germany (EU region). This means your data is subject to EU GDPR protections regardless of where you live. Some processing (e.g., AI analysis) may involve servers in other regions — see "Third-party services" below.

4. Third-party services

  • Supabase — our database and authentication provider. Your account and all fitness data are stored on Supabase infrastructure in the EU. Supabase Privacy Policy
  • Apple — optional sign-in only. If you use "Sign in with Apple", Apple authenticates you and shares either your real email or a private relay email, plus your name (only on first sign-in if you choose to share it). We do not receive any other Apple account data. Apple Privacy Policy
  • Google — optional sign-in only. If you use "Sign in with Google", Google authenticates you and shares your email and name with us. We do not receive any other Google account data.
  • PostHog — product analytics. PostHog collects anonymous usage events to help us improve the app. No personally identifiable data is shared in analytics events beyond your user ID. PostHog Privacy Policy
  • Sentry — crash and error reporting. When the app crashes or encounters an error, Sentry receives the stack trace, app/iOS version, device model, and a truncated IP address. We strip personal data (email, tokens) before sending. Sentry retains diagnostic data for 90 days. Sentry Privacy Policy
  • Google Gemini — AI analysis. We use Gemini for four optional features: (a) AI meal scan — photo of your plate → macros; (b) AI label scan — fallback when a barcode isn't in our cache or Open Food Facts (photo of the label → product nutrition); (c) AI workout generator — your prompt → a workout plan; (d) AI Coach chat — your chat messages plus the conversation history we store for context. Photos are not retained by Rep Log after processing; Google's retention policy applies during processing. No personally identifiable information is sent to Gemini beyond what you choose to include in your input. All four features are optional and can be disabled in Settings. Google AI Privacy Policy
  • Open Food Facts — open, crowd-sourced food database. When you scan a barcode that isn't in our cache, we query Open Food Facts to look it up. The only thing sent is the barcode number — no personal data, no user ID. Open Food Facts Terms
  • Apple Push Notification Service (APNs) — used to deliver push notifications on iOS. Apple processes the delivery; notification content passes through Apple's infrastructure but is not retained by Apple beyond delivery. Apple Privacy Policy
  • Apple App Store & In-App Purchases — Rep Log Pro is available as an auto-renewing subscription via the App Store: Rep Log Pro Monthly ($9.99 / month) or Rep Log Pro Yearly ($49.99 / year). Payment is processed entirely by Apple — we never see your credit card or billing details. After a successful purchase we receive and store only your subscription tier, expiration date, and Apple's original transaction ID, so the app knows what to unlock. Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period (Apple's standard terms). You can cancel anytime via iPhone Settings → Apple ID → Subscriptions. Refunds are handled by Apple at reportaproblem.apple.com — Rep Log cannot process refunds directly. App Store Standard EULA

5. Data retention & deletion

  • Your data is stored for as long as your account is active.
  • You can delete all your workout and nutrition data at any time from Settings → Delete Data.
  • You can permanently delete your account and all associated data from Settings → Delete Account in the iOS app or web app. This is irreversible and takes effect within 30 days.
  • HealthKit permissions can be revoked at any time in iOS Settings without deleting your Rep Log account.
  • If you revoke "Sign in with Apple" access in iOS Settings, you will be signed out of Rep Log on all devices and will need to sign in again to access your data.

6. Your rights

EU / Israel users (GDPR & Israeli Privacy Protection Law)

  • Access your data — everything you've logged is visible in the app.
  • Export your data — use the Export feature to download your workouts and nutrition.
  • Delete your data — use "Delete Data" or "Delete Account" in Settings.
  • Correct your data — edit any entry directly in the app.
  • Object to processing — contact support@rep-log.com and we will stop processing your data.
  • Lodge a complaint — you may complain to your local data protection authority (e.g., the Israeli Privacy Protection Authority or your national EU regulator).

California users (CCPA / CPRA)

  • Right to know — what personal information we collect about you (described in section 1 above).
  • Right to delete — request deletion of your personal information.
  • Right to opt out — we do not sell your personal information, so there is nothing to opt out of.
  • Right to non-discrimination — exercising any of these rights will not affect your access to Rep Log.
  • To exercise any right, contact support@rep-log.com.

7. Children's privacy

Rep Log is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact support@rep-log.com.

Users between 13 and 16 may need parental consent in some jurisdictions before creating an account.

8. Cookies & tracking

  • We use a PostHog cookie on the web app to identify your session across page navigations. This is a functional analytics cookie, not an advertising cookie.
  • The iOS app does not use cookies but uses similar local storage for session continuity.
  • No advertising cookies or third-party tracking pixels are used.
  • We do not use Apple's Identifier for Advertisers (IDFA) and do not track you across other apps or websites.
  • To opt out of analytics, contact support@rep-log.com, or on iOS toggle off "Share diagnostic data" in Settings → Privacy.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top and, for material changes, notify you via email or an in-app notice. Continuing to use Rep Log after changes are posted means you accept the updated policy.

10. Contact us

Questions about this policy or your data? We're happy to help.

  • Email: support@rep-log.com
  • Website: rep-log.com
Rep Log
© 2026
FAQPrivacyTermsSupport