Privacy Policy
Last Updated: October 9, 2025
1. Introduction
Welcome to Reps. We take your privacy seriously and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
Privacy-First Architecture:
Reps is designed with a privacy-first architecture that minimizes our access to your health data:
- In-Memory Processing Only: Your health data is processed temporarily in Cloud Functions memory to facilitate AI analysis, then immediately discarded
- No Database Storage: We do NOT store your raw health data in any database, storage system, or cache
- Log Sanitization: We sanitize health information from server logs to protect your privacy. Only non-sensitive metadata (request counts, performance metrics) is logged for operational purposes.
- AI Processing: Data is routed through our Cloud Functions to Google Vertex AI for temporary AI processing under Google Cloud Platform's Business Associate Agreement
- Local Results Only: AI-generated insights are returned directly to your device and stored locally in the app, not on our servers
Simply put: We process your health data temporarily to provide AI insights, but we do not permanently store or retain it. Your data exists in our systems only during active AI processing requests.
2. Information We Collect
2.1 Health Information (NOT PERMANENTLY STORED)
IMPORTANT: The following health data is processed temporarily for AI analysis. We do NOT permanently store or retain this data:
- Workout Data: Exercise types, sets, reps, weights, duration, workout history (up to 30 workouts sent to AI for analysis)
- Nutrition Data: Meal entries, food photos, calorie intake, macronutrients, caffeine, water intake (up to 100 meals sent to AI for insights)
- Health Metrics: Heart rate, HRV, VO2 max, blood pressure, steps, active energy, sleep data from Apple Health (sent to AI for health analysis)
- Body Measurements: Weight, height, body fat percentage, lean mass (sent to AI for personalized coaching)
How Your Health Data is Processed:
- Temporary Processing: Health data is processed in-memory during AI requests and immediately discarded after completion
- AI Processing via Google Vertex AI: Data is routed through our Cloud Functions to Google Vertex AI under Google Cloud Platform's Business Associate Agreement (BAA)
- Limited Data Retention: Google may temporarily cache data for up to 24 hours for performance optimization, but does NOT use your data to train AI models
- Sanitized Logs: We sanitize health information from server logs. Only non-sensitive metadata is logged for operational monitoring.
- No Permanent Storage: We do NOT permanently store your raw health data in any database or storage system
- Local Results Storage: AI-generated insights are returned to your device and stored locally in the app, NOT on our servers
2.2 Personal Information
- Account Information: Email address, name, and authentication credentials
- Profile Data: Fitness goals, preferences, and settings
2.3 Usage Information
- App Usage: Features used, session duration, and interaction patterns
- Device Information: Device type, operating system, and app version
2.4 Location Data
With your permission, we collect location data to provide weather-based workout recommendations for outdoor activities. This data is processed locally on your device and only aggregated, non-identifiable information is sent to our servers.
2.5 Photos and Camera Access
We request camera and photo library access to analyze meal photos using AI. Food photos are:
- Transmitted to Google Vertex AI (Gemini Vision): Photos are sent to Gemini for real-time nutrition analysis
- NOT Permanently Stored: Photos are NOT permanently stored on our servers after AI processing
- Local Storage Only: Photos and nutrition results are stored locally on your device in the app
- Temporary Processing: Google Vertex AI does NOT retain photos after nutrition analysis is complete
3. How We Use Your Information
We use the collected information to:
- Provide Services: Track workouts, analyze meals, and sync with Apple Health
- AI Insights: Temporarily transmit your health data to Google Vertex AI (Gemini) to generate personalized workout plans, coaching insights, nutrition analysis, and comprehensive health reports
- Food Photo Analysis: Send food photos to Gemini Vision AI for real-time nutrition estimation
- Improve Experience: Collect anonymous usage statistics (feature usage, performance metrics) to optimize the app
- Communication: Send important updates, security alerts, and support responses
- Security: Detect and prevent fraud, abuse, and security incidents
Your health data is transmitted to Google Vertex AI for AI processing in HIPAA-compliant mode. Google does NOT retain your data after processing. AI-generated insights are returned to your device for local storage, and we do NOT permanently store your raw health data on our servers.
4. Data Security & Privacy Architecture
Minimizing Data Retention:
Reps is designed to minimize retention of your health data:
- In-Memory Processing: Health data is processed temporarily in Cloud Functions memory during AI requests and immediately discarded after completion
- No Permanent Database Storage: We do NOT store your raw health data in any database or persistent storage system
- Log Sanitization: We sanitize health information from server logs. Only non-sensitive metadata (request counts, performance metrics) is logged for operational monitoring.
- AI Processing: Data is routed through our Cloud Functions to Google Vertex AI under Google Cloud Platform's Business Associate Agreement (BAA) for HIPAA-covered services
- Limited Google Caching: Google Vertex AI may temporarily cache data for up to 24 hours for performance optimization, but does NOT use your data to train AI models or for any other purpose beyond processing your requests
- Local Results Only: AI-generated insights are returned to your device and stored locally in the app, NOT on our servers
- Encrypted Transit: All data transmission uses TLS 1.2+ encryption
- Metadata Storage Only: We store only non-sensitive metadata: user ID, subscription status, API usage counts, performance metrics
5. Data Security
We implement industry-standard security measures:
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest
- Access Controls: Strict user authentication and authorization
- Audit Logging: All access to health data is logged and monitored
- Log Sanitization: Sensitive health metrics are redacted from logs
- Secure Authentication: Token-based authentication with auto-expiration
6. Data Sharing and Disclosure
We do NOT sell, rent, or trade your personal or health information. We share data only as described below:
- Google Vertex AI (Gemini): We transmit your health data temporarily to Google Vertex AI for AI processing under Google Cloud Platform's Business Associate Agreement. Google may cache data for up to 24 hours for performance but does NOT use your data to train AI models.
- Google Cloud Platform: We use Google Cloud services (Cloud Functions, Firestore, Identity Platform) for app infrastructure, authentication, and analytics. Only non-sensitive metadata is permanently stored.
- With Your Consent: When you explicitly authorize data sharing
- Legal Obligations: When required by law or to protect rights and safety
- Business Transfers: In case of merger, acquisition, or sale, only account data and metadata may be transferred (not raw health data, which we do not retain)
Your health data is transmitted to Google Vertex AI for temporary AI processing. We do NOT permanently store raw health data on our servers. Google may cache data temporarily (up to 24 hours) but does not use it beyond processing your AI requests.
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal and health data
- Correction: Update or correct your information
- Deletion: Request deletion of your account and all associated data
- Data Portability: Export your data in a machine-readable format
- Opt-Out: Disable specific features or data collection
- Revoke Permissions: Remove access to Apple Health, camera, or location
To exercise these rights, contact us at [email protected]
8. Data Retention
- Health Data Processing: Processed temporarily in Cloud Functions memory during AI requests, then immediately discarded. NOT permanently stored on our servers.
- Google Vertex AI Caching: Google may cache data for up to 24 hours for performance optimization, but does NOT use data beyond processing your requests
- AI Insights: Generated insights (workout plans, health reports, coaching tips) are stored locally on your device only, NOT on our servers
- Account Information: Email and authentication data retained as long as your account is active
- Usage Metadata: Non-sensitive metadata (API usage counts, performance metrics) retained for service optimization
- Deleted Accounts: All account data and metadata permanently deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer if required by law
- Aggregated Analytics: Anonymous, non-identifiable usage statistics may be retained indefinitely for app improvement
We do NOT permanently store your raw health and fitness data on our servers. Health data is processed temporarily for AI analysis and discarded. You maintain control by managing data locally on your device and in Apple Health.
9. Children's Privacy
Reps is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. International Data Transfers
Your data is primarily stored in Google Cloud Platform's US data centers (us-central1). By using Reps, you consent to the transfer and processing of your data in the United States.
11. Third-Party Services
We integrate with the following third-party services:
- Apple Health (HealthKit): We read health data from Apple Health for AI analysis. Subject to Apple's privacy policy.
- Apple Sign-In: For secure authentication. Subject to Apple's privacy policy.
- Google Vertex AI (Gemini): We transmit your health data to Google Vertex AI for temporary AI processing under Google Cloud Platform's Business Associate Agreement for HIPAA-covered services. Google may cache data for up to 24 hours for performance but does NOT use your data to train AI models or for any purpose beyond processing your requests. Subject to Google's Vertex AI data governance policies.
- Google Cloud Platform: We use Cloud Functions, Firestore, and Identity Platform for app infrastructure. Subject to Google's privacy policy and BAA for covered services.
- Firebase: For authentication, analytics, and app performance monitoring. Subject to Google's Firebase privacy policy.
IMPORTANT: Google Cloud Platform services operate under a Business Associate Agreement for HIPAA-covered services. Google Vertex AI may temporarily cache data for up to 24 hours for performance optimization but does NOT use your data beyond processing your AI requests.
We are not responsible for the privacy practices of third-party services beyond our contractual agreements. Please review their privacy policies for additional information.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we do not sell personal information)
- Right to non-discrimination for exercising your rights
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Significant changes will be posted on this page with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy. We recommend checking this page periodically for updates.
14. Contact Us
For questions or concerns about this Privacy Policy, contact:
Email: [email protected]
Developer: Siddharth Natamai
Website: reps.siddharthnatamai.com
15. Consent
By using Reps, you consent to this Privacy Policy and our collection, use, and disclosure of your information as described herein.