Privacy Policy

2.1 Personal Information

• Account Information: Name, email address, date of birth, profile picture, gender
• Fitness Data: Workout plans, exercise history, progress tracking, health metrics
• Social Features: Profile information, following relationships, public posts, comments
• Communication: Messages, support requests, feedback

2.2 Technical Information

• Device Information: Device type, operating system, unique device identifiers
• App Usage Data: Features used, time spent, interaction patterns
• Performance Data: App crashes, error logs, performance metrics
• Location Data: General location (if you enable location-based features)

2.3 Automatically Collected Information

• Cookies and Tracking: We use cookies and similar technologies to enhance your experience
• Analytics Data: Aggregated usage statistics and app performance metrics
• Log Files: Server logs, IP addresses, browser type, access times

3.1 Primary Purposes

• Service Provision: To provide and improve our fitness tracking services
• Personalization: To personalize your experience and provide relevant features
• AI Coaching: To power our AI-powered fitness recommendations and coaching
• Social Features: To enable community interactions and social networking

3.2 Business Operations

• App Development: To analyze app usage and improve functionality
• Customer Support: To respond to your inquiries and provide assistance
• Communication: To send you updates about app development and launch
• Security: To protect against fraud, abuse, and security threats

3.3 Legal Basis for Processing (EU Users)

We process your data based on:

• Contract Performance: To provide the services you requested
• Legitimate Interests: To improve our services and ensure security
• Consent: For marketing communications and optional features
• Legal Obligations: To comply with applicable laws and regulations

4.1 Security Measures

• Encryption: Your personal information is encrypted in transit and at rest
• Access Controls: Access to your data is limited to authorized personnel only
• Regular Audits: We regularly review and update our security practices
• Industry Standards: We implement industry-standard security measures

4.2 Data Breach Response

• Immediate Action: We will take immediate action to contain any security breach
• Notification: We will notify affected users and authorities as required by law
• Investigation: We will investigate and take steps to prevent future breaches
• Support: We will provide support to affected users

5.1 What We Don't Share

• No Sale: We do not sell, trade, or rent your personal information to third parties
• No Unauthorized Access: We do not provide third parties with access to your personal data

5.2 What We May Share

• Service Providers: With trusted service providers who help us operate our app
• Legal Requirements: If required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Aggregated Data: Anonymized, aggregated data for research and analytics

5.3 Third-Party Services

• Analytics: Firebase Analytics
• Cloud Services: Google Cloud Platform (Firebase)
• Authentication: Firebase Authentication
• Database: Cloud Firestore
• Storage: Firebase Cloud Storage
• Hosting: Firebase Hosting
• Functions: Firebase Cloud Functions

6.1 Retention Periods

• Account Data: Retained while your account is active
• Fitness Data: Retained for 7 years for health and safety purposes
• Social Content: Retained while your account is active
• Technical Logs: Retained for 12 months for security and debugging

6.2 Data Deletion

• Account Deletion: You can request complete account deletion
• Data Portability: You can request a copy of your data
• Right to be Forgotten: EU users have the right to erasure
• Retention Exceptions: Some data may be retained for legal obligations

7.1 General Rights

• Access: View and review your personal information
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format

7.2 EU User Rights (GDPR)

• Right to Access: Know what personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing

7.3 How to Exercise Your Rights

• Contact Us: Email support@repeight.com with "Privacy Request" in the subject
• Response Time: We will respond within 30 days
• Verification: We may need to verify your identity
• No Fee: These requests are free of charge

8.1 Data Processing Locations

• Primary Location: United Kingdom (post-Brexit)
• Firebase Services: Data processed by Google Cloud Platform servers worldwide
• EU/EEA: Firebase may process data in EU countries for performance
• Third Countries: Some data may be processed in countries outside the EU/EEA via Firebase

8.2 Transfer Safeguards

• Google Cloud Compliance: Firebase operates under Google Cloud's comprehensive compliance programs
• Standard Contractual Clauses: Google Cloud uses EU-approved data transfer agreements
• Adequacy Decisions: We only transfer to countries with adequate data protection
• Certification Schemes: Google Cloud maintains ISO 27001, SOC 2, and GDPR compliance

9.1 Age Restrictions

• Minimum Age: Our app is not intended for children under 13
• No Collection: We do not knowingly collect personal information from children under 13
• Parental Consent: Users under 18 must have parental or guardian consent

9.2 COPPA Compliance

• Verification: We take reasonable steps to verify user age
• Parental Rights: Parents can review, delete, or refuse further collection
• Contact: Parents can contact us at support@repeight.com

10.1 Types of Cookies

• Essential Cookies: Required for app functionality and Firebase services
• Analytics Cookies: Firebase Analytics cookies to help us understand app usage
• Preference Cookies: Remember your settings and preferences
• Authentication Cookies: Firebase Authentication cookies for secure login

10.2 Cookie Management

• Device Settings: Control cookies through your device preferences
• Firebase Analytics Opt-out: You can opt out of Firebase Analytics tracking
• Authentication Required: Firebase Authentication cookies are essential for app functionality
• Impact of Disabling: Disabling cookies may prevent login and core app features from working

11.1 Types of Communications

• Service Updates: Important information about our services
• Marketing: News about new features and promotions
• Newsletters: Fitness tips and community updates
• Transactional: Account-related notifications

11.2 Opt-out Options

• Email Preferences: Manage your email preferences in your account
• Unsubscribe: Click unsubscribe links in marketing emails
• Account Settings: Control notifications in your app settings
• Contact Us: Email support@repeight.com to opt out

12.1 Policy Updates

• Regular Review: We review this policy regularly
• Material Changes: We will notify you of significant changes
• Version Control: Each version is dated and versioned
• Continued Use: Continued use constitutes acceptance of changes

12.2 Notification Methods

• In-App Notifications: Push notifications for significant changes
• Email Notifications: Direct emails for material changes
• Website Updates: Updated policy posted on our website
• Social Media: Announcements on our social media channels

13.1 Privacy Inquiries

• Email: support@repeight.com
• Subject Line: Include "Privacy Request" for data rights
• Response Time: We aim to respond within 30 days
• Escalation: Contact our Data Protection Officer if needed

13.2 Company Details

• Company: RepEight
• Registration Number: 16630504
• Registered Address: 128 City Road, London, United Kingdom, EC1V 2NX
• Jurisdiction: England and Wales, United Kingdom

13.3 Regulatory Contacts

• UK ICO: Information Commissioner's Office
• EU Supervisory Authorities: Your local data protection authority
• Breach Reporting: We report breaches as required by law

14.1 Applicable Laws

• UK Law: Data Protection Act 2018 and UK GDPR
• EU Law: General Data Protection Regulation (GDPR)
• International: Applicable local data protection laws
• Industry Standards: Fitness and health app regulations

14.2 Compliance Measures

• Regular Audits: We conduct regular privacy audits
• Staff Training: Our team receives privacy training
• Policy Updates: We update policies as laws change
• Third-party Reviews: We review third-party compliance

15.1 Fitness and Health Data

• Special Category Data: Some fitness data may be considered sensitive
• Health Professionals: We do not provide medical advice
• Data Accuracy: You are responsible for the accuracy of your data
• Emergency Situations: We may share data in emergency situations

15.2 Social Features

• Public Content: Some content you post may be publicly visible
• Community Guidelines: Content must comply with our community standards
• Moderation: We actively moderate content for safety
• Reporting: Users can report inappropriate content

15.3 AI and Machine Learning

• Personalization: We use AI to personalize your experience
• Data Training: Your data may be used to improve our AI systems
• Transparency: We are transparent about AI decision-making
• Human Oversight: AI systems have human oversight and review