← Back

Privacy Notice

Last updated: 1 June 2026

1. Who we are

RepNext (ABN 31 362 180 362) is the data controller for the personal information you provide when using the RepNext app. Contact: contact@repnext.app.

2. Information we collect

  • Account data: email address, display name, and (if you sign in with Google or Apple) basic profile fields from that provider. If you use Sign in with Apple, you may choose Apple's private email relay, in which case we receive a relay address (e.g. …@privaterelay.appleid.com) instead of your real email.
  • Workout content: plans, sessions, exercises, reference images, notes, and progression history you create.
  • Plan-import submissions: text or files you submit to the AI plan-import feature.
  • Subscription data: subscription status, plan, and billing period (your payment card and address are collected by Paddle, not by us).
  • Technical data: IP address, device and browser information, and basic usage telemetry used to operate and secure the Service.

3. How and why we use it

  • To provide the Service — store your workouts, sync across devices, run AI plan-import (legal basis: performance of contract).
  • To secure the Service — detect abuse, fraud, and outages (legitimate interests).
  • To support you — respond to your messages (performance of contract / legitimate interests).
  • To meet legal obligations — tax, accounting, and lawful requests (legal obligation).

We do not sell your personal information and we do not run advertising on RepNext.

4. AI plan-import processing

RepNext uses Lovable for hosting and AI processing, and stores data on Supabase infrastructure. When you use the plan-import feature, the text or file you submit is transmitted through Lovable’s AI Gateway to third-party AI providers to structure it into a plan. This data is processed on a pass-through basis and, per Lovable’s agreements with those providers, is not used to train those providers’ models. You confirm the resulting plan in-app before it is saved to your account.

5. Who we share it with

We share personal information only with the service providers we need to operate RepNext:

  • Lovable — application hosting and AI Gateway.
  • Supabase — database, authentication, and file storage.
  • Paddle — Merchant of Record for payments, subscription management, tax compliance, and invoicing.
  • Google — optional “Sign in with Google” authentication.
  • Apple — optional “Sign in with Apple” authentication, including Apple's private email relay service when you choose to hide your email.
  • Authorities or professional advisers — where required by law or to protect our rights.

6. International transfers

Our service providers may process your data outside Australia (including in the United States and the European Union). Where they do, we rely on appropriate safeguards such as their published sub-processor terms, standard contractual clauses, or equivalent mechanisms.

7. How long we keep it

We keep your data for as long as your account is active. When you delete your account from in-app settings, your workouts, plans, exercises, reference images, and profile are deleted from our database. Limited records may be retained where required by law (for example, tax records held by Paddle as Merchant of Record).

8. Your rights

Under the Australian Privacy Principles you can request access to and correction of your personal information, and you can complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled it.

If you are in the EU/UK, you additionally have rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your local supervisory authority. If you are in California, you have rights of access and deletion under the CCPA/CPRA.

To exercise any of these rights, email contact@repnext.app. We aim to respond within 30 days.

9. Security

We use appropriate technical and organisational measures to protect your data, including transport-layer encryption, row-level security on the database, scoped access controls, and authenticated access to subprocessor accounts. No system is perfectly secure; you are responsible for keeping your account credentials safe.

10. Cookies

RepNext uses only essential cookies and local storage required to keep you signed in and to remember your preferences (such as theme and units). We do not use advertising or cross-site tracking cookies.

11. Changes to this notice

We will update this notice when our practices change and revise the “Last updated” date above. Material changes will be notified in-app or by email.