Privacy Policy
This policy explains what data RepTrack: Gym Companion ("RepTrack", "we", "us") collects, why, how it is stored, and the rights you have over it. It applies to the RepTrack iOS app and this website (gymcompanion.app).
Last updated: 2026-06-19
The short version
- We collect only what the app needs to work: your sign-in identity and the training data you create.
- We do not show ads, run third-party analytics or advertising trackers, or sell your data.
- Your data is tied to your account and synced so it's available on every device you sign in to.
- You can delete your account and all of your data at any time from within the app (Profile › Delete account).
1. Who is responsible (data controller)
The party responsible for your data under the GDPR and other applicable law is:
ModLog UG (haftungsbeschränkt)
Rheinstr. 20
36124 Eichenzell
Germany
Represented by: David Hermann (Managing Director)
Email: [email protected]
We have not appointed a Data Protection Officer, as we are not legally required to. You can reach us about any privacy matter at the email above.
2. What data we collect and why
Account & identity
When you sign in with Apple or Google, we receive and store a small set of identity details so we can create and recognise your account and keep your data in sync:
- Email address — your unique account identifier. With Sign in with Apple you may choose Apple's private relay address, in which case we only ever see that relay address.
- Display name — shown in the app (e.g. "Good morning, Alex").
- Profile picture (avatar) URL — only if your Google account provides one. We store the link, not the image.
- A provider account identifier — the stable, anonymous ID Apple or Google assigns (the "sub" claim). We use it to match you to your account on future sign-ins.
Your training content
This is the data you create by using the app. It is the core of the service:
- Workout plans — names, focus, colour and ordering.
- Exercises — names, muscle group, machine details and your default sets, reps and starting weights.
- Sessions and logs — the date and time of each session, its duration, and every set you record (weight, reps, completion).
- Creatine logs — which days you marked as taken, used to show your streak.
- Music tracks — any track metadata (title, artist, album) you add to a session playlist.
Exercise photos
If you add a photo to an exercise, the image is uploaded and stored in our object storage so it syncs across your devices. Photos are accessible only in connection with your account.
Connected services (optional)
If you choose to connect Spotify or Discord, we store the connection state and, where applicable, your handle/username for that service so the integration can function. These connections are entirely optional and can be removed in the app.
Technical data
Like any internet service, our servers process basic technical information (such as IP address and request metadata) as needed to deliver the service, keep it secure, and diagnose errors. We keep server logs to a minimum and do not use them to build profiles of you.
3. What we do not collect
- No advertising identifiers and no ads.
- No third-party analytics or marketing/tracking SDKs.
- No precise location data, contacts, or Apple Health / HealthKit data.
- No payment data — the app is free, so we never handle card details.
4. How we use your data
- To create your account and authenticate you.
- To provide the core features: storing your plans, sessions, stats and logs, and syncing them across your devices.
- To keep the service secure and to detect and fix problems.
- To respond to you when you contact us for support.
We do not use your data for advertising, and we do not sell or rent it to anyone.
5. Legal bases (GDPR)
Where the GDPR applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to provide the app and its core features once you sign in.
- Consent (Art. 6(1)(a)) — for optional features you explicitly enable, such as connecting Spotify or Discord. You can withdraw consent at any time by disconnecting them.
- Legitimate interests (Art. 6(1)(f)) — to keep the service secure and reliable. We balance these against your rights.
6. Sign in with Apple & Google
Authentication is handled by Apple and Google. When you sign in, the relevant provider verifies your identity and returns the limited details described above. Their handling of your data is governed by their own privacy policies:
7. Sharing & service providers (processors)
We do not sell your data. We share it only with the service providers we rely on to run RepTrack, and only as needed for them to perform their function on our behalf:
- Authentication providers — Apple and Google, as described above.
- Hosting & infrastructure — the servers, database and object storage that hold your account and training data are operated by us, ModLog UG (haftungsbeschränkt).
- Spotify and Discord — only if you choose to connect them, and only to the extent needed for that integration.
We may also disclose data if required by law, or to protect our rights, safety, or the integrity of the service.
8. Where your data is stored
Your data is stored on infrastructure operated by ModLog UG (haftungsbeschränkt) within the European Union. We do not transfer your personal data outside the European Economic Area (EEA). Should that change in the future, we will rely on appropriate safeguards (such as the EU Standard Contractual Clauses) and update this policy accordingly.
9. How long we keep your data
We keep your account and training data for as long as your account exists, so the service can work and your history stays intact. When you delete your account, your data is deleted (see below). Minimal technical logs are retained only for a short period for security and troubleshooting.
10. Deleting your account & data
You can delete your account and all of the data associated with it at any time from within the app: Profile › Delete account. This permanently removes your account, plans, exercises, sessions, logs, creatine history, connections and uploaded photos. If you have trouble deleting your account, email us at [email protected] and we will do it for you.
11. Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict or object to the processing of your data, to data portability, and to withdraw consent. Much of this is available directly in the app (your data is visible in the app, and account deletion is self-service). For anything else, contact us at [email protected].
If you are in the EU/EEA and believe we have mishandled your data, you also have the right to lodge a complaint with your local data protection authority.
12. Children
RepTrack is not directed to children. The app is rated for general audiences and is not intended for use by children under the age required for consent in your country (16 in much of the EU). We do not knowingly collect data from children below that age.
13. Security
Data is transmitted over encrypted connections (HTTPS) and access to it is restricted to your authenticated account. While no service can guarantee absolute security, we take reasonable technical and organisational measures to protect your data.
14. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide a more prominent notice where appropriate.
15. Contact
Questions about this policy or your data? Email [email protected].