GDPR Compliance & Privacy
Repetitions.ai is built with privacy first. Here's exactly how we handle your data.
Last updated: April 2026
1. Who we are
Repetitions.ai is a fitness tracking and AI coaching platform. We help individuals log workouts, connect with gyms, and get personalised coaching — all powered by AI.
As the data controller, we are responsible for your personal data and take that responsibility seriously.
Data controller contact
[email protected]
If you are located in the EU or UK, all GDPR protections apply to you. We are committed to upholding your rights under the GDPR and UK GDPR.
2. Data we collect
We only collect what we need to run the service. Here's the full picture:
| Data | Why we collect it | Legal basis | How long |
|---|---|---|---|
| Name & email | Account creation | Contract | Until you delete your account |
| Workouts & sets | Core service | Contract | Until you delete your account |
| Wearable data (heart rate, sleep, readiness) | AI coaching | Explicit consent | Until you revoke consent |
| GPS location | Find nearby gyms | Explicit consent | Session only — never stored |
| Chat messages | Community features | Contract | Until deleted by you |
| AI conversation history | Personalisation | Legitimate interest | 30 days |
| IP address | Security & abuse prevention | Legitimate interest | 7 days |
3. Your rights
Under GDPR, you have the following rights. You can exercise all of them directly in the app — no need to email us.
Right to Access
Download a full copy of everything we hold about you.
Right to Erasure
Delete your account and every piece of data tied to it — permanently.
Right to Rectification
Correct or update any inaccurate personal information at any time.
Right to Portability
Export your workout history and health data as a portable JSON file.
Right to Object
Opt out of any marketing communications — no questions asked.
Right to Withdraw Consent
Disconnect wearables and revoke health data access at any time.
4. Third-party processors
We use a small, carefully selected set of third-party services. We never sell your data.
5. Corporate customers
If your employer uses Repetitions.ai, here's exactly what they can and cannot see:
- Total workouts logged by the team
- Challenge participation rates
- Aggregate wellness scores
- Leaderboard rankings (if you opt in)
- Your individual workout details
- Your wearable or health data
- Your AI coaching conversations
- Your personal messages or profile
Data Processing Agreement (DPA): If your company requires a formal DPA for GDPR compliance, we're happy to provide one. Email [email protected] and we'll get it sorted.
6. Security measures
We take security seriously. Here's what we do to protect your data:
- All data encrypted in transit (TLS 1.3)
- Passwords hashed with SHA-256 — we never see your plaintext password
- JWT-based authentication — short-lived tokens
- Edge runtime — no centralised server storing your data
- Cloudflare infrastructure with EU data residency options
7. Contact & complaints
We're here to help, and we take your rights seriously.
Contact us
For any privacy question or GDPR request, email us. We respond within 30 days as required by GDPR.
[email protected]
Right to complain
If you're unhappy with how we handle your data, you have the right to lodge a complaint with your national supervisory authority:
- 🇬🇧 UK → ICO (ico.org.uk)
- 🇫🇷 France → CNIL
- 🇮🇹 Italy → Garante
- 🇩🇪 Germany → BfDI
© 2026 Repetitions.ai