Privacy Policy

We collect only the information needed to provide the service:

• Account data — your name and email address when you register.
• Profile data — optional details you choose to add, such as age, weight, height, fitness goal, and preferred workout days.
• Activity data — gym check-ins, workout sessions, exercise logs, and custom workouts you create within the platform.
• Technical data — standard server logs (IP address, browser type, pages visited) used solely for security and service diagnostics. These logs are retained for no longer than 90 days.

We do not collect payment information. Repflow does not process any financial transactions.

Sensitive Personal Data:Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), certain information you provide — including physical health data such as weight, height, and fitness-related details — constitutes “Sensitive Personal Data or Information” (SPDI). We collect this data only with your explicit consent and apply additional protections to it as required by law.

• To create and manage your account.
• To deliver core platform features — workout tracking, check-in history, progress charts, and personalised content.
• To improve the platform by understanding how features are used (aggregate, anonymised analysis only).
• To respond to support requests or feedback you send us.
• To detect and prevent fraudulent or abusive activity.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

Your data is stored on secured servers. We apply industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls to protect your information.

No method of transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

Repflow uses a secure HTTP-only authentication cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is required for strictly necessary session cookies under most data protection frameworks.

We do not embed third-party advertising networks, analytics SDKs that track you across sites, or social media tracking pixels. If this changes in the future, this policy will be updated before any such services are introduced.

Under the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”), you have the following rights as a Data Principal:

• Access — request a summary of the personal data we hold about you and how it is being processed.
• Correction — update inaccurate or incomplete data (you can do this directly in your profile settings).
• Deletion / Erasure — request that your account and all associated personal data be deleted.
• Portability — request your data in a structured, machine-readable format.
• Withdrawal of Consent — withdraw consent for processing your data at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Grievance Redressal — raise a complaint with our Grievance Officer (see Section 10).
• Nomination — nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act, 2023.

To exercise any of these rights, contact our Grievance Officer using the details in Section 10. We will acknowledge your request within 48 hours and respond within 30 days.

We retain your personal data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where we are required to retain certain records by law.

Repflow is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, please contact us so we can remove the data promptly.

Your personal data may be stored or processed on servers located within or outside India. Where data is transferred outside India, we ensure that the recipient provides a level of protection equivalent to the standards required under Indian law, including the SPDI Rules and the DPDP Act, 2023. By using Repflow, you consent to such transfers where necessary to provide the Service.

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, any complaints or concerns regarding the processing of your personal data may be directed to our Grievance Officer:

• Name: [Grievance Officer Name]
• Email: [grievance@repflow.com]
• Response time: We will acknowledge your grievance within 24 hours and resolve it within 30 days of receipt.

For general questions, you may also reach us via the Contact page.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated via a notice on the platform or by email. Continued use of Repflow after any change constitutes your acceptance of the updated policy.