Privacy Policy
Last updated: June 9, 2026
RepForm AI ("the App," "we," "us") respects your privacy. This policy explains, in detail, what data we collect, how we use it, who we share it with, how long we keep it, and what rights you have.
1. Summary (Plain English)
- We don't collect your name, address, phone number, or location.
- We DO collect your email (for sign-in) and the workout / form-analysis data you create by using the App.
- When you record a set, the App captures a short video locally on your device, extracts a small number of still frames from it, and sends only those frames to our AI provider for analysis. The full video is discarded after frame extraction and never leaves your device, and we never store those frames on our own servers.
- Those frames are images of your body (and may include your face). Before your FIRST recorded set, we ask for your explicit, separate permission — apart from these terms — to send them for analysis. You can decline and still use the App's manual features, and you can withdraw permission anytime in Settings → Privacy.
- We strip obvious personal information from free-text fields before sending. We don't pass your name or a stable user identifier to our AI provider.
- Our AI provider does not train its AI models on the data we send through its API, and retains API inputs/outputs for up to 30 days for safety and abuse monitoring, then deletes them. Our full retention and destruction schedule is in §6(b).
- You must be at least 16 to use the App. We don't sell your data and we don't share it for advertising.
- You can delete everything we have about you at any time via Settings → Delete Account.
The rest of this policy is the detailed version. Please read it.
2. What We Collect
(a) Account information
- Email address (for authentication and account recovery)
- A unique account identifier generated by your sign-in provider (Apple or Supabase Auth)
- A password hash (Email sign-in only — we never see or store your plaintext password; Supabase Auth handles the salted password hash)
- Subscription status from RevenueCat (active / trial / free, expiry, product ID)
- A record of which version of these Terms and Privacy Policy you accepted, with the timestamp and method (signup-checkbox or implicit-continued-use). Stored in your account metadata.
(b) Profile information you provide during onboarding
All optional; you can edit or remove via Settings.
- Age, gender (used for program personalization and gender-applicable cues)
- Height (inches) and bodyweight (lb), if you choose to enter them
- Training goal (strength, hypertrophy, weight loss, general fitness)
- Experience level (beginner / intermediate / advanced)
- Equipment available, days per week, focus area
- Optional free-text equipment notes (e.g., “have a barbell at home,” “no pull-up bar”) used to personalize program generation
- Free-text "anything else" notes
- Injury profile: body regions, severity (active pain / caution / history), optional notes
- Cycle-tracking opt-in (shown to all users; gated on a “do you menstruate?” question, not on gender; off by default)
(c) Training & form-analysis data
Created as you use the App.
- Exercise sets: weight, reps, RPE (effort), timestamps
- Per-rep form analysis output: form scores, severity classifications, coaching cues, and matched corrections
- Saved correction history per exercise
- AI-generated programs, program updates, corrective protocols, coaching plans
- Coach-question history (the question you asked + the answer)
- Pain-check submissions: body regions reported with status (better / same / worse) and dates
- Bodyweight log entries (date + weight) if you use the weight-tracking feature
- Cycle-start dates if you opt into cycle tracking — see §6 for the special handling
- Mobility-check assessments (the still frames you record for the screening movement, the AI findings, your injury context at the time of the screen)
(d) Camera frames sent for AI analysis
- During a recorded set, the App captures a short video locally on your device, then extracts a small number of still frames from it. The frames are downsized and compressed before transmission.
- These frames are transmitted to our AI provider for analysis along with your training context. They are not continuously uploaded; only frames from sets you explicitly record.
- The full video file is created temporarily on your device's local storage to enable frame extraction. It is deleted after extraction completes — typically within seconds. The video itself never leaves your device.
- Mobility-check assessments use the same pipeline: a few still frames extracted from a brief on-device recording, sent to our AI provider with your injury profile and age for analysis.
- Sending these frames is gated by a separate, explicit consent you give before your first recording (see §6(b)). It is independent of your subscription and of your acceptance of these terms. You can withdraw it anytime in Settings → Privacy; withdrawing stops any further frames from being sent, and you keep access to the App's manual logging, charts, and on-device features.
(e) Device & diagnostic information
- Device model and OS version (used by crash reports and the rep counter for compatibility)
- App version and EAS Update channel
- Crash and error events (collected by Sentry — see §4)
- Operational telemetry from AI calls (latency, token counts, success/failure outcome) — see §3(c)
(f) Information we DO NOT collect
- We do NOT collect your name. We request only the EMAIL scope from Apple Sign-In; we do not request your name and Apple never sends it to us.
- We do NOT collect your address, phone number, or location.
- We do NOT access your photo library, contacts, calendar, or files.
- We do NOT track your activity outside the App.
- We do NOT collect data from any other apps on your device.
- We do NOT use third-party advertising trackers, advertising IDs, or advertising SDKs (Google Analytics, Facebook SDK, etc.).
(g) iOS permission prompts you may see
The App and some third-party libraries it depends on declare iOS permission strings (Microphone, Location, Photo Library) at install time. You may see one or more permission prompts on first launch as a result. RepForm does NOT exercise these capabilities — we never record audio (the camera recording disables the microphone), we never access your location, and we never read your photo library. The corresponding iOS prompts may not appear at all, or may appear with library-required default copy explaining that the permission is declared by a dependency rather than used by us.
(h) Optional analysis feedback
When you tap “Give us feedback on this analysis” on a form-analysis result, we store: the checkpoint names you flagged (text labels from the analysis you saw), a categorical reason (“wrong fault,” “missed something,” or “cue unclear”), a snapshot of the analysis severity at submit time, and an identifier linking the feedback to the analysis you saw. This feedback stays in our database and is never sent to our AI provider. We use it internally to identify systematic grading errors and improve coaching quality. Feedback is associated with your account and is deleted when you delete your account.
(i) Per-checkpoint analysis records
Each time you record a set and our AI analyzes it, we store the analysis results the AI produced, together with your account and the exercise. This data stays in our database, is stored under access controls so only our systems can read or write it, and is never sent to any AI provider or other third party. We use it solely to monitor and improve coaching quality and to debug production issues. These rows are health-adjacent observation data — see §6(a) for the broader category — and are deleted with the rest of your account on deletion.
(j) Product analytics
We use PostHog (posthog.com), a product analytics service, to understand how users navigate the app and where improvements are needed. PostHog collects: in-app events (screens visited, features used, funnel steps completed), a stable user identifier linked to your account, and general device characteristics (operating system, app version). PostHog data is stored in the United States and is subject to PostHog’s privacy policy. PostHog never receives your exercise video frames, free-text you enter, or personal health data. To opt out of analytics data collection, enable Settings → “Disable analytics.” Your preference is honored immediately on-device; no further events are sent until you re-enable. Your preference is stored on your device; if you delete and reinstall the App, it resets to the default (analytics on) and a fresh anonymous analytics identity is created.
(k) Biometric sign-in (opt-in via Settings)
When you enable Face ID / Touch ID quick-sign-in, the App stores a refresh-token snapshot in your device’s secure keychain (iOS Keychain via expo-secure-store). The credential is local to your device, never transmitted to our servers beyond the normal authentication flow that all sign-ins go through, and only readable after successful biometric authentication. It is cleared automatically when you sign out, when a different account signs in on the same device, or when you turn the toggle off in Settings. It is used only to restore your session — not for any other purpose. Biometric authentication itself (the face / fingerprint match) is performed by iOS on-device and we never receive the biometric data.
3. How We Use Your Data
We use your data only to provide and improve the service:
(a) Core service operations
- Authenticate you and keep you signed in
- Display your training history, programs, and progress charts
- Run the on-device rep counter and pose detection
- Sync your data between devices when you sign in on another phone
(b) AI-powered features
- Generate personalized training programs (sends your profile + injuries + goals to our AI provider; no email, no name, no stable user ID)
- Analyze your form (sends still frames + exercise context + a small profile summary to our AI provider)
- Answer coach questions (sends your question + recent training context to our AI provider)
- Generate corrective protocols, weekly / block summaries
- Periodically generate a consolidated coaching summary from your recent training data (corrections, injury profile, and program) so the App can focus on what to work on next.
- Mobility check (sends a few still frames + your injury profile + your age to our AI provider for screening assessment)
PII redaction before AI calls. Before any free-text field (training notes, coach questions, regenerate notes) is sent to our AI provider, the App passes it through a filter that removes common personal-information patterns (such as email addresses, phone numbers, and long numeric sequences). This is best-effort defense against accidental PII leakage; users should still avoid pasting personal information into free-text fields.
(c) Service health, diagnostics, and aggregate reporting
We collect operational telemetry on AI calls — latency, token counts, success/failure outcome, request identifier — and store it on our infrastructure alongside your account ID. This data is used to monitor service health, prevent abuse, enforce tiered usage limits, and tune costs. It is account-associated, not anonymous, because we need to identify abnormal per-user activity (cost spikes, abuse patterns) to keep the service reliable.
We also collect two narrow diagnostic streams: (1) rep-counting diagnostics — limited measurements of rep-counting accuracy (count data only, no exercise content); and (2) AI-call failure events — the feature involved, error type, and timestamp for any AI call that didn’t complete successfully, used for production debugging. Both are associated with your account for diagnostic correlation, stored under access controls so only our infrastructure can read them, and deleted on account deletion alongside the rest of your data. Neither is sent to any third party.
We separately compute aggregate, de-identified product reports (e.g., "which exercises are most logged", "which AI calls fail most") that do not surface individual users.
Crash and error diagnostics are collected via Sentry (see §4(e)) and tagged with your account ID so a single user's crashes can be correlated for debugging. We configure Sentry to suppress request bodies, free-text inputs, and form-analysis output so that only error metadata is captured.
(d) What we do NOT do with your data
- We do NOT sell your data to anyone, ever.
- We do NOT share your data with advertisers.
- We do NOT use your data to train any AI model — ours or our providers'. Our AI provider's published policy is that customer data sent through its API is not used to train its models. We have not opted into any data-contribution program.
- We do NOT publish, share, or display your training data publicly. If we ever introduce features that let users publish content (such as shareable program templates), your individual training data will not be associated with them without your action.
4. Third-Party Services (Processors)
We use the following third parties to operate the service. Each is bound by its own privacy commitments and applicable data-protection law.
(a) Supabase (database, authentication, edge functions)
- Receives: account credentials (email + password hash), profile, training history, sets, programs, injury profile, pain logs, coach question history, weight logs, mobility-check assessments, coaching plans, operational telemetry, request-deduplication cache.
- Purpose: durable storage, sync between devices, server-side authentication and rate limiting.
- Location: US (default region). Data is encrypted in transit (TLS) and at rest.
(b) Third-party AI provider (automated AI analysis of camera images and text)
- Receives: still camera frames extracted from the sets you record (and from a brief mobility-check recording), training context relevant to the request, your free-text notes (after PII redaction). Specifically does NOT receive: your email, account name, Apple/Google identifier, or any stable user ID linkable to your account.
- Purpose: process AI prompts and return form analysis, training program generation, corrective protocols, coach answers, and mobility-check findings.
- Retention: the provider retains API request/response data for up to 30 days for trust-and-safety review, then deletes it. It does NOT use customer API data to train its models.
- Location: US.
- We identify our AI provider, and any other current sub-processor, by category in this policy. We will identify the specific provider on request — contact support@repformai.com.
(c) RevenueCat (subscription management)
- Receives: an internal RepForm user identifier (so subscription state can be linked to your account across devices), the App's bundle ID, and Apple-issued or Google-issued original transaction IDs to verify entitlement.
- Purpose: cross-platform subscription state, entitlement checks, subscription analytics.
- Does NOT receive: training data, form analysis output, profile details beyond entitlement.
(d) Apple (sign-in)
For Apple Sign-In: handles the OAuth identity-token flow. Apple knows you are signing into RepForm AI; we receive your Apple ID-issued unique user identifier and your email (only if you grant Apple the email scope at sign-in). We request ONLY the email scope — we do not request your name and Apple never sends it to us. We never see your Apple ID password.
(e) Sentry (crash and error reporting)
- Receives: crash stack traces, error events with redacted breadcrumbs, your account ID for correlating crashes within an account, device model, OS version, app version. We configure Sentry to suppress request bodies, free-text inputs, and form-analysis output so that only structured error metadata flows to Sentry. We also strip email addresses, usernames, and IP addresses from Sentry events defensively in a beforeSend hook, even though those fields are not intentionally set elsewhere in our client code.
- Purpose: identifying and fixing app crashes and bugs.
- Retention by Sentry: 90 days by default for our event-data plan.
5. Data Retention
We retain your data as follows:
- Account, profile, training history, programs, injury profile, pain logs, weight log, coach-question history, coaching plans, mobility-check assessments: retained while your account is active. Permanently deleted within 30 days of account deletion.
- Camera frames sent for analysis (both form analysis AND mobility check): NOT stored on our servers at any point — we transmit them, receive the analysis, and discard them. Our AI provider retains them up to 30 days for safety review per its policy, then deletes. The full per-data-type schedule is in §6(b).
- The form-analysis OUTPUT (score, corrections, severity) is stored on the saved-set record on your account indefinitely; this is part of your training history.
- Operational AI telemetry (latency, token counts, outcomes) and request-deduplication cache: retained for service-health and abuse-monitoring purposes for up to 90 days, then aggregated or purged.
- Crash reports (Sentry): 90 days, then automatically purged.
- Subscription transactions (RevenueCat / Apple): per the platform store's retention policy (typically multi-year for tax / refund purposes).
Standing destruction commitments:
- We do NOT store the camera frames on our own infrastructure at any point.
- We will permanently delete all account-associated personal data within 30 days of an account-deletion request, except where a longer period is required by law (e.g., store transaction records held by Apple or Google).
- We will destroy biometric / body-image data when the purpose for which it was collected has been satisfied or within the periods above, whichever occurs first.
You can request deletion at any time. See §7. The full per-data-type retention and destruction schedule is in §6(b).
6. Special Categories of Data
(a) Health and wellness data
The training data, injury profile, pain reports, weight log, mobility-check assessments, form-analysis output, optional analysis feedback (§2(h)), and per-checkpoint analysis records (§2(i)) you create with the App are health-adjacent or wellness data. They are NOT clinical / HIPAA-protected health information because RepForm AI is not a covered entity or business associate under HIPAA. We treat this data with the same security and consent standards as the rest of your account information, and we do not share it with any third party for purposes other than providing the service to you (see §4). The per-checkpoint analysis records and optional feedback specifically stay on our own infrastructure and are never sent to our AI provider. Some of this information may qualify as “consumer health data” under state laws such as Washington's My Health My Data Act and comparable Nevada and Connecticut laws. Where those laws apply, we collect and process this data only with your consent (see §6(b) for the camera-based feature), we do not sell it, and we do not share it for cross-context behavioral advertising.
(b) Biometric and body-image data, and your separate consent
The still frames the App sends for form analysis and mobility checks are images of your body, and may include your face.
- We do NOT create a faceprint, fingerprint, voiceprint, or other biometric identifier from these images, and neither we nor our AI provider use them to identify you. They are used only to generate coaching feedback for the set you recorded.
- Because images of your body are sensitive — and because some laws treat body-image or biometric-derived data as specially protected — we obtain your EXPLICIT, SEPARATE consent before your first recorded set, distinct from your acceptance of our Terms and from any subscription. The consent screen tells you what is captured, where it is sent, and how long it is kept.
- You can withdraw this consent at any time in Settings → Privacy, or by deleting your account. Withdrawing is as easy as granting: it immediately stops any further frames from being sent. You keep access to the App's manual logging, charts, and on-device features.
- We keep a dated record of your consent (and any withdrawal), tied to the version of the consent text you agreed to, so we can demonstrate when and to what you consented.
Retention and destruction schedule. This schedule is published here so you (and regulators) can see exactly how long each category is kept and how it is destroyed:
- Raw set video: device cache only, deleted within seconds of frame extraction. Never uploaded.
- Still frames sent for analysis (your body imagery): NEVER stored on our servers. Held by our AI provider for up to 30 days for safety review, then deleted. Not used to train AI models.
- On-device pose / skeletal data: held in device memory during recording only, discarded when you leave the screen.
- Form-analysis output (scores, corrections): stored on your account while it is active; deleted within 30 days of account deletion.
- Injury profile, pain logs, bodyweight and height: stored while your account is active; deleted within 30 days of account deletion.
- Cycle period-start dates: stored while your account is active. Turning cycle tracking off stops us from using them to compute your phase, but does not by itself delete them; you can delete individual entries in the cycle-history screen, and all cycle data is deleted within 30 days of account deletion (see §6(c)).
- Consent and legal-acceptance records: kept while your account is active as proof of consent; deleted with your account.
We destroy biometric / body-image data when the purpose for which it was collected has been satisfied or within the periods above, whichever comes first.
(c) Cycle-tracking data
Cycle-tracking is opt-in only and disabled by default. When enabled, you log period-start dates in the App.
- Cycle-start dates are stored ON YOUR DEVICE. Period-start dates are also synced to Supabase so they're available across your devices, encrypted in transit and at rest.
- We compute the current cycle phase ON YOUR DEVICE. Only the resulting phase label and cycle-day index are passed into AI prompts. Raw period-start dates and individual cycle entries are never sent to our AI provider.
- When you log a workout set while cycle tracking is enabled, the derived phase label and cycle-day number are attached to that set record (so the app can offer phase-appropriate progression suggestions and post-hoc insights). The raw period-start date is never attached — only the derived label and day index. These per-set phase tags are deleted with the rest of your training data on account deletion.
(d) Age requirement and children's data
The App is for users aged 16 and older. It is not intended for and may not be used by anyone under 16, and we do not knowingly collect data from anyone under that age. If you believe someone under 16 has created an account, contact us and we will close it and delete the associated data.
7. Your Rights
You have the following rights regarding your data:
- Access: view your data via the App. For a structured export, contact support@repformai.com — we will respond within 30 days, in line with GDPR Article 12 and CCPA timelines.
- Correct: edit your profile, injury list, training notes, and weight log directly in Settings.
- Delete: tap Settings → Delete Account. This permanently removes your account and all associated training data within 30 days. You can also email support to request deletion.
- Export: contact support@repformai.com for a JSON export of your training history. We will respond within 30 days.
- Opt out of AI features: Pro features that use AI (program generation, coach answers, etc.) are subscription-gated; you can use the App's non-AI features (manual workout logging, on-device pose-skeleton overlay, charts) without ever invoking an AI call.
- Withdraw form-analysis consent: turn off camera-based AI analysis at any time in Settings → Privacy, without deleting your account (see §6(b)).
- Withdraw consent generally: stop using the App and delete your account.
United States — California (CCPA / CPRA). If you are a California resident, you have the rights to: know the categories and specific pieces of personal information we collect and the purposes for collecting it; delete your personal information; correct inaccurate personal information; and not be discriminated against for exercising any of these rights. The categories of personal information we collect are described in §2: identifiers (email, account ID), internet/app activity (usage analytics), health and fitness information, user-generated content (including images of your set), and commercial information (subscription status). We use this information for the business purposes in §3. Some of it — your injury, pain, bodyweight, cycle, and form-analysis data — is “sensitive personal information”; we use it only to provide the service you requested and do not use it to infer characteristics about you. We do NOT sell your personal information and we do NOT share it for cross-context behavioral advertising. You may exercise these rights via Settings (correct/delete) or by emailing support@repformai.com with “CCPA Request” in the subject; you may use an authorized agent. We will not deny service, charge a different price, or provide a different level of service for exercising a privacy right.
United States — Washington, Nevada, Connecticut (consumer health data). If you are covered by Washington's My Health My Data Act or comparable Nevada or Connecticut laws, the health-related data described in §6(a) and the body-image data in §6(b) are “consumer health data.” We collect it only with your consent, do not sell it, and obtain your separate authorization before any sharing that those laws would require it for (we do not currently share it for any such purpose). You may withdraw consent and request deletion as described above and in §6(b). We maintain a separate Consumer Health Data Privacy Policy with the full detail.
Other US states. If you live in a state with a comprehensive consumer-privacy law (e.g., Virginia, Colorado, and others), you have comparable rights to access, delete, correct, and opt out of sale/targeted advertising. Contact support@repformai.com to exercise them; we honor these requests regardless of your state.
EU / EEA / UK. The App is not currently offered in the EU, EEA, or UK — see §11.
8. International Data Transfers
The App is currently offered in the United States, Canada (excluding Quebec), Australia, and New Zealand. It is not offered in Quebec at this time.
Our servers and primary processors (sub-processors) are located in the United States:
- Supabase — database, authentication, edge functions. United States.
- Third-party AI provider (identity available on request) — AI form/mobility analysis. United States.
- Sentry — crash and error reporting. United States.
- PostHog — product analytics. United States.
- RevenueCat — subscription state. United States.
- Apple (and, in future, Google) — sign-in and payment. United States / your region.
If you use the App from outside the United States, your data — including the body-image frames described in §6(b) — is transferred to and processed in the United States. We use appropriate contractual protections with our processors for these cross-border transfers. EU/EEA/UK availability is addressed in §11.
9. Data Security
We protect your data with industry-standard measures:
- TLS 1.2+ for all data in transit
- Encryption at rest for stored database content
- Row-level security policies in Supabase ensuring you can only access your own data
- Salted password hashing for email-auth accounts (handled by Supabase Auth)
- Credentials for our AI provider stored securely on our servers, never embedded in the client app
- No persistent storage of the camera frames sent for analysis
No system is 100 % secure. We cannot guarantee absolute security and you use the service at your own risk. We will notify affected users and applicable regulators of any data breach involving personal information as required by law.
10. Region-Specific Rights (Canada, Australia, New Zealand)
(a) Canada (PIPEDA)
We collect, use, and disclose your personal information with your meaningful consent and only for the purposes described in this policy. Your data is processed in the United States by the sub-processors named in §8; by using the App you acknowledge this cross-border processing. You may request access to or correction of your information, or withdraw consent (subject to the effect that has on the service), by contacting support@repformai.com. If we experience a breach of security safeguards that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by law. The App is not currently offered in Quebec.
(b) Australia (Privacy Act 1988 / Australian Privacy Principles)
Your injury, pain, bodyweight, cycle, and form-analysis data are “sensitive information” under the Australian Privacy Principles (APPs). We collect it only with your consent and only as reasonably necessary to provide the App. Your data is disclosed to and stored by overseas recipients in the United States (§8); by consenting you agree to this overseas disclosure for the purposes of APP 8. You may request access to or correction of your personal information, and you may complain to us or to the Office of the Australian Information Commissioner (OAIC). We will notify you and the OAIC of any eligible data breach likely to result in serious harm, as required by the Notifiable Data Breaches scheme.
(c) New Zealand (Privacy Act 2020)
We handle your personal information in accordance with the Information Privacy Principles. Health-related information is collected only with your consent. Your information is disclosed to and processed by overseas processors in the United States (§8). You may request access to and correction of your information. We will notify the Office of the Privacy Commissioner and affected individuals of any privacy breach that it is reasonable to believe has caused, or is likely to cause, serious harm, as required by law.
11. EU / EEA / UK
The App is currently offered only in the United States, Canada (excluding Quebec), Australia, and New Zealand. It is not offered in the EU, EEA, or UK. If we make the App available in those regions, we will first update this policy with the additional terms that apply there — including our legal bases for processing, the mechanism we use to transfer data to the United States, and your full data-subject rights.
12. Changes to This Policy
We may update this policy at any time. Material changes will be communicated through the App (in-app banner or notification) before they take effect. The "Last updated" date at the top of this document reflects the most recent revision.
13. Contact
For privacy questions, data requests, or to exercise any rights described in §7, contact: support@repformai.com
For California-specific requests, include "CCPA Request" in the subject line. For EU/UK requests, include "GDPR Request."