Plain-English summary. REPEATT is a bodyweight fitness app that turns reps and timed sessions into solo or social rounds. We collect the minimum data needed to run your account, track your progress, deliver matches, and keep the service safe. Your camera is used on-device to count reps — the app does not upload raw video. You can request deletion of your account and data at any time.
1. Who we are
REPEATT (the “App”, “we”, “us”) is a fitness application available on iOS and Android. This Privacy Policy explains what personal data we process when you install, sign in to, or use the App, and when you contact us for support.
For privacy questions or to exercise your rights, contact us at privacy@repeatt.app.
2. Scope
This Policy applies to personal data processed through the REPEATT mobile app, our backend services, our website, and our customer-support channels. It does not cover third-party services we don’t control (for example, Apple, Google, Meta, AppsFlyer) — those are governed by their own policies, which we link to in Section 5.
3. Data we collect
We collect data in these categories, only where it is needed to run the App you asked for:
3.1 Account & profile
- Guest identifier. When you first open the App, we create an anonymous user record so you can play, save progress, and earn coins without signing up.
- Display name you choose during onboarding — used on scoreboards, in squad invites, and on the weekly league leaderboards.
- Sign-in identifiers if you choose to link a Google account through Firebase Authentication (account ID, email, display name, optional avatar URL).
3.2 Device & technical data
- Platform & device language (iOS or Android, plus the device’s preferred languages) — saved when your account is first created so we can localize content and reminders.
- Push notification token (FCM / APNs registration token) — only after you grant notification permission, so we can send squad reminders and weekly league prize alerts.
- Advertising identifier (IDFA on iOS, GAID on Android) — used to limit ad frequency, attribute installs, and detect fraudulent ad activity. On iOS this is collected only if you allow tracking through Apple’s App Tracking Transparency prompt.
- Technical metadata ordinarily logged by our servers (IP address, request timestamps) for security, debugging, and abuse prevention.
3.3 Fitness, gameplay & progression
- Workout & session results — the exercises you played, reps counted, timing, block durations, scores, and outcomes for solo, online, friends-group, and weekly-league sessions.
- Progression state — muscle coins, league tier and points, exercise unlocks, daily ad limits, and similar in-app economy fields.
- Squad / friends-group state — which squads you create, join, or are invited to, and session participation history within those squads.
3.4 Camera input (on-device only)
When you start a rep-counted exercise, the App uses your phone’s camera to detect body pose locally on the device. Raw camera frames and video are not uploaded to our servers. Only the resulting numbers — counted reps, scores, and (during live multiplayer rounds) a small skeleton-keypoint payload that lets your friends see a stick-figure of your movement in real time — are transmitted to power the multiplayer experience.
3.5 Purchases
When you buy a subscription or coin pack, payment is handled by Apple’s App Store or Google Play. We receive the resulting transaction identifier, product ID, and entitlement status — not your payment-card details.
3.6 Diagnostics & support
If you contact support or report a problem, we keep the messages you send us and any technical context you choose to share (such as a session ID).
4. How we use your data
We use the data described above to:
- Run your account, save your progress, and sync state across devices when you sign in.
- Match you into online quick-match games and friends-group sessions, and animate other players’ movement in real time.
- Calculate weekly-league points, distribute prize coins, and surface leaderboards.
- Send notifications you opted into (squad reminders 5 minutes and 1 minute before a session, prize announcements, and other essential alerts).
- Detect, prevent, and respond to abuse, fraud, and security incidents.
- Show, measure, and limit advertising — only where you have consented under platform rules.
- Improve the product based on aggregated usage and event analytics.
- Comply with applicable law and respond to lawful requests.
5. Third-party services
We use a small number of carefully selected providers to operate REPEATT. They process data on our behalf and under their own privacy policies:
| Provider | Purpose | Policy |
|---|---|---|
| Google Firebase (Authentication, Cloud Messaging) | Sign-in via Google, push notification delivery, install identifiers | Google Privacy |
| Apple Push Notification service | Delivery of iOS push notifications | Apple Privacy |
| Apple App Store / Google Play | In-app purchases and subscription billing | Apple / Google |
| Meta App Events (Facebook SDK) | Conversion analytics & advertising measurement | Meta Privacy |
| AppsFlyer | Mobile attribution & marketing analytics | AppsFlyer Privacy |
| Google AdMob | Native & rewarded advertising inside the App | AdMob & Ads |
| MongoDB Atlas (cloud hosting) | Database hosting for accounts, sessions, and progression | MongoDB Privacy |
We do not sell your personal data to data brokers. We share data with the providers above only as needed to deliver the features you use.
6. Advertising & App Tracking Transparency
REPEATT shows native ads in some screens (homepage, coins & progress, weekly cup, store) and rewarded ads when you tap “Watch & earn” or replace the “Play again” button on the game-over screen.
- iOS: The first time you’d benefit from a personalized ad, the system shows Apple’s App Tracking Transparency prompt. If you decline, your IDFA is not collected and our partners receive only non-personalized signals.
- Android: You can reset or limit your advertising ID at any time from your device’s ad settings.
- Subscriptions that include the “no ads” entitlement disable advertising across the App for as long as the subscription is active.
7. Camera & pose data
The camera permission is required only for rep-counting exercises. Pose detection runs on-device using ML Kit; raw video frames stay on your phone. During live multiplayer rounds we transmit a compact skeleton-keypoint payload (no images) at 10–15 FPS so squadmates can see a real-time stick-figure of your movement. The pose payload is used only to render the live HUD and is not stored after the session ends.
You can revoke camera access at any time from your device’s settings; rep-counted exercises will then be unavailable until you re-grant access.
8. Purchases & subscriptions
Subscriptions and consumable coin packs are sold through Apple’s App Store or Google Play under those stores’ terms. Subscriptions auto-renew unless cancelled in your Apple ID or Google Play account at least 24 hours before the period ends. We receive only the transaction identifier and entitlement status — never your card number, billing address, or full receipt.
9. Push notifications
After you grant notification permission, we may send:
- Squad reminders 5 minutes and 1 minute before a scheduled session.
- Weekly league prize announcements when you finish 1st, 2nd, or 3rd in your league.
- Operational alerts about your account.
Notifications are translated to English or Hebrew based on your device language. You can turn them off at any time from your phone’s settings.
10. Retention
- Account & profile data: while your account is active, plus a short period after deletion to handle backups, dispute resolution, and legal claims.
- Push tokens: until they expire or you revoke notification permission.
- Session results & progression: while your account exists; aggregated / anonymized statistics may be retained longer.
- Server logs: typically up to 90 days for security and debugging.
11. Your rights
Depending on where you live, you may have the right to access, correct, port, delete, or restrict the processing of your personal data, and to withdraw consent for optional processing. Israeli users may exercise rights under the Protection of Privacy Law, 5741-1981 and complain to the Israeli Privacy Protection Authority.
To exercise any of these rights, email privacy@repeatt.app from the address tied to your account, or contact us through the in-app support flow.
12. Account & data deletion
You can request that we delete your account and the personal data we hold about you. Full instructions — including what is removed and what we may legally need to keep — are on the dedicated User Data Deletion page.
13. Children
REPEATT is not directed at children under 13 (or the higher minimum age set by local law, where applicable). We do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, contact us and we will delete it.
14. International transfers
Your data may be processed in Israel and in countries where our providers operate, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as standard contractual clauses or other lawful mechanisms) to protect your data when it crosses borders.
15. Security
We use industry-standard technical and organizational measures, including encryption in transit (TLS / HTTPS), restricted access controls, and vendor security reviews. No internet-based service can guarantee absolute security; we encourage you to use a strong, unique password for your linked Google account and to keep your device’s OS up to date.
16. Changes to this policy
We may update this Policy from time to time. When we do, we will update the “Effective date” above and, where required by law, provide additional notice in the App. Continued use of REPEATT after an update means you accept the revised Policy.
17. Contact
Privacy questions, rights requests, and policy feedback: privacy@repeatt.app.