Privacy

Privacy Policy

At ExtraRep, we are committed to protecting your personal information and your right to privacy. This policy explains what data we collect when you use the App, where it is stored, who we share it with, how long we keep it, and the rights you have over it. It is written in plain English. If any part of it is unclear, email us at the address in §12 and we will explain.

By creating an ExtraRep account or using the App, you agree to the data practices described in this policy. If you do not agree, please do not use the App.

Who we are
Data we collect
How we use your data
Service providers
Data retention
Your rights
Security
Children's privacy
International transfers
Cookies and tracking
Changes to this policy
Contact us

1. Who we are

ExtraRep ("the App", "the Service") is a strength-training tracker operated by an individual developer ("we", "us", "our"). For purposes of EU and UK data-protection law (GDPR / UK GDPR), the data controller is the developer, reachable at extra-rep@outlook.com. There is no separate company or parent organisation behind ExtraRep.

2. Data we collect

ExtraRep separates data into two locations: data that lives on our servers so the App can sync across your devices, and data that stays on your device because there is no reason for us to see it. The split is enforced in code; there is no hidden upload path.

2.1 Data stored on our servers

The following is stored in our managed PostgreSQL database, hosted by Neon (region: AWS Singapore):

Email address. Normalised to lowercase. Used to sign you in, send verification codes, and contact you about your account.
Password hash. A one-way bcrypt hash. We do not see or store your actual password.
Username (optional). A public-facing display handle, if you choose to set one.
Email-verification status. A timestamp indicating when you verified your email, plus short-lived verification challenges (one-time codes stored as hashes, expiring in minutes).
Google sign-in link. If you used "Sign in with Google", we store the opaque Google-issued account ID. We do not store anything else from your Google profile.
Workouts. Each workout's timestamp, an optional free-text note, and every set inside it (exercise, reps, weight, optional RPE, set type, completion status).
Custom exercises. Names and muscle categories of any exercises you create.
Body measurements. Each check-in you record: timestamp (which may be backdated), optional weight, body-fat percentage, height, and circumference measurements (waist, chest, shoulders, arms, legs, etc.).
Saved routines. Routine names and the exercises and sets you configure for quick reuse.
Profile and onboarding data. Optional gender and date of birth (if entered); starting height and weight from onboarding; unit preferences (weight, distance, body measurements); fitness goal; optional display name, bio, and profile link for your in-app profile card.
Account-revocation timestamp. A server-side marker that lets us instantly invalidate every previously issued login token (for example, after a password change).

2.2 Data stored only on your device

The following data either never leaves your device, or exists only as a fast local cache while the authoritative copy lives on our servers (see §2.1). We have no server-side copy of image files or your login secret.

Progress photos attached to workouts. Saved in the App's private documents directory. There is no upload path for photo bytes.
Profile picture file selected from your gallery. Only the local file path is kept on the device for display; the image is not uploaded.
Calendar week-start preference (which day starts your training week in charts). Stored locally so it follows your device; does not sync.
Local cache of synced data. The App may keep a temporary copy of profile, measurements, and routines on disk for speed when offline. On next successful sign-in, the cache is refreshed from the server.
Login token. A short-lived JSON Web Token kept in the device's secure hardware-backed store (Android Keystore / iOS Keychain), so you stay signed in.

2.3 Crash reports

When the App crashes or hits an unhandled error in production, we send an anonymous crash report to Sentry (our error-tracking provider — see §4).

A crash report contains:

The stack trace of the exception.
App version, build environment, and an event ID generated by Sentry.
OS name and version, device model, screen size, and locale.
A short trail of preceding in-app actions (breadcrumbs) — for example, "tapped Profile", "API request to /workouts" — with authorisation tokens removed before send.

A crash report does not contain:

Your email address, username, or password.
Your IP address (we have explicitly disabled sendDefaultPii in the Sentry SDK).
Any device-unique identifier (no advertising ID, no install ID).
The contents of your workouts, sets, body measurements, routines, or profile fields.

Sentry is disabled entirely in development builds and in Expo Go. Only signed release builds installed via Google Play (or, later, the App Store) send any data.

2.4 What we do not collect

By design, we never collect:

Your real legal name as a separate field.
Your phone number.
Your physical address or postcode.
Your contacts, calendar, or call history.
Your location, GPS coordinates, or wireless-network info.
Health or fitness data from Apple Health or Google Fit (no integration).
Advertising identifiers (no IDFA, no Android Advertising ID).
Browsing or in-app activity for marketing or profiling.

Optional gender and date of birth (mentioned in §2.1) are collected only if you choose to enter them in onboarding or profile settings.

3. How we use your data

We use your data only to operate the App. Under EU and UK GDPR, every piece of personal data we process needs a legal basis. Ours are below.

Data	Purpose	Legal basis
Email and password hash	Identifying you across sessions and devices.	Contract (Art. 6(1)(b)).
Workouts, sets, custom exercises	Storing and retrieving your training history.	Contract (Art. 6(1)(b)).
Body measurements	Charting your physical progress across devices.	Contract (Art. 6(1)(b)).
Saved routines	Storing workout templates you create.	Contract (Art. 6(1)(b)).
Profile and onboarding data	Personalising the App and showing your preferences consistently when signed in.	Contract (Art. 6(1)(b)).
Google sign-in link	Letting you sign in without a password.	Contract (Art. 6(1)(b)).
Email-verification challenges	Confirming you control the email address you registered.	Legitimate interest (Art. 6(1)(f)).
Crash reports	Diagnosing and fixing bugs.	Legitimate interest (Art. 6(1)(f)). You may object — see §6.
Server access logs	Security, abuse detection, debugging.	Legitimate interest (Art. 6(1)(f)).

We do not use your data to:

Sell, rent, or trade it to anyone.
Train machine-learning models.
Show you advertising. The App contains no ads.
Show your data to other users.

4. Service providers

We use a small number of carefully selected service providers to operate the App. Each handles data on our behalf under their published data-processing terms; none are permitted to use your data for their own purposes. The list below is exhaustive.

Provider	What they handle	Where
Render (Render Services, Inc.)	Hosts the backend API server and this website.	API in Singapore. Static site served from a global edge network.
Neon (Neon, Inc.)	Hosts the PostgreSQL database (account, workouts, measurements, routines, profile).	AWS Singapore (`ap-southeast-1`).
Sentry (Functional Software, Inc., dba Sentry)	Receives anonymous crash reports from production builds. Configured to ingest data into the EU region (`de.sentry.io`).	European Union (Germany).
Google (Google LLC)	Provides "Sign in with Google" only. When you tap that button, Google handles the sign-in and returns an account ID we link to your ExtraRep account. We do not share data back to Google about you.	United States.
Microsoft (Outlook.com)	Hosts the support email address (`extra-rep@outlook.com`). When you email us, Microsoft handles the inbox.	United States / global.
Ko-fi (Ko-fi Labs Ltd.)	Processes optional voluntary contributions made through extrarep.app/support. Ko-fi handles the card payment, billing email, and country information; we receive only a "tip received" notification with the donor's name or alias if shared. The ExtraRep mobile app does not process payments and never sees card data. If you do not visit the support page, Ko-fi receives nothing about you.	United Kingdom / global (card processing via Stripe).

If we ever add another service provider, we will update this list and the "Last updated" date below.

4.1 Legal disclosure

We may disclose data if required by a valid legal order from a jurisdiction that applies to us (for example, a court order). We have never received such a request. If we do, and we are legally permitted to tell you, we will.

5. Data retention

Your account, workouts, body measurements, routines, and profile. Kept for as long as your account exists. When you delete your account from inside the App, these database rows are removed immediately. See the account deletion guide for the exact list of what is removed and what may persist briefly in point-in-time recovery history (up to 6 hours) or anonymously (community-shared custom exercises, with the "created by" link severed).
Backups. Our database provider (Neon) keeps a continuous point-in-time recovery history of the last 6 hours as standard disaster-recovery practice on our current plan. Deleted data may persist in that recovery window until it rolls off. We do not restore from this history for individual users — only in the event of a major site-wide failure.
Email-verification challenges. Deleted immediately upon successful verification, when a new code is requested (replacing the previous one), or when the maximum wrong-code attempts are reached.
Server access logs. Rotated weekly. They contain timestamps and request paths but no account identifiers.
Crash reports (Sentry). Retained by Sentry for 90 days, then deleted on their schedule.
Support emails. Kept in the inbox as long as we need them to follow up. You may request deletion of a thread at any time.

6. Your rights

Under GDPR / UK GDPR (and equivalent laws including the California Consumer Privacy Act), you have the rights below. To exercise any of them, email extra-rep@outlook.com from the address on your account. We respond within 30 days and never charge a fee.

Access. Request a copy of all personal data we hold about you. We provide a structured export (typically JSON) covering your account, workouts, custom exercises, body measurements, routines, and profile.
Rectification. Correct inaccurate data. Most fields you can edit yourself in the App (email, username, password). For anything else, contact us.
Erasure ("right to be forgotten"). Delete your account and all data tied to it. The App provides a built-in flow — see the deletion guide. If you cannot sign in, contact us and we will verify ownership another way.
Portability. Receive your data in a structured, machine-readable format (JSON).
Restrict processing. Ask us to pause processing while a dispute is resolved.
Object. Object to any processing we base on legitimate interest (crash reports, server logs). We will stop unless we have a compelling legal reason to continue.
Withdraw consent. Where we rely on consent (we currently do not, but this may change in future), you may withdraw it at any time, without affecting prior processing.
Lodge a complaint. Contact your local data-protection authority. In the EU, that is the supervisory authority of the country you live in; in the UK, the Information Commissioner's Office (ICO).

7. Security

We take a defence-in-depth approach to securing your data:

HTTPS everywhere. Both this website and the backend API are served over TLS only. The .app top-level domain is on the HSTS preload list — every modern browser refuses to connect in plaintext.
Bcrypt-hashed passwords. We cannot read your password. A full database leak does not expose them in usable form.
Short-lived JWTs. Login tokens are signed with a strong server-side secret, audience-pinned, and instantly revocable across every device when you change your password.
Secure local storage. The App's login token is kept in the device's hardware-backed secure store (Android Keystore / iOS Keychain), not in plain shared storage.
Rate limiting. Every sensitive endpoint (registration, login, password change, email change, account deletion, write endpoints) is rate-limited to mitigate brute-force attacks.
Validated input. Every request body is validated. Sensitive fields (passwords, OTP codes, OAuth tokens) are scrubbed from any error response, so a validation error never echoes your password back.
No third-party trackers. No advertising SDKs, no analytics SDKs, no fingerprinting.

No system is perfect. If you discover a security issue, please email extra-rep@outlook.com before disclosing publicly. We will respond promptly and credit you if you would like.

8. Children's privacy

ExtraRep is a general-audience strength-training app. It is not directed at children under 16, and we do not knowingly collect personal data from anyone under that age. The App contains no advertising and no social features that would put a young user in contact with strangers. If you are a parent or guardian and believe your child has signed up, contact us and we will delete the account.

9. International transfers

Our database is in Singapore. Our crash-reporting provider (Sentry) ingests in the EU. Google's OAuth service operates globally from the United States.

If you are based in the European Economic Area (EEA), the United Kingdom, or Switzerland, your data may be transferred outside your home region. Where required by law, these transfers are covered by appropriate safeguards: Render, Neon, and Sentry all publish standard contractual clauses (SCCs) as part of their data-processing terms, and Google's Sign-In service provides equivalent protections. Copies of any of these documents are available on request.

10. Cookies and tracking

The mobile App uses no cookies. It signs you in with a JSON Web Token kept in the device's secure storage; no browser-style cookies are involved. The App contains no analytics SDKs, advertising SDKs, attribution SDKs, fingerprinting libraries, or any other third-party tracking code.

This website (extrarep.app) is served as static HTML and CSS. It sets no cookies, runs no JavaScript that calls third parties, embeds no analytics pixels, and does not fingerprint your browser. You can verify this in your browser's developer tools.

11. Changes to this policy

We may update this policy from time to time. When we do:

We update the "Last updated" date at the bottom of this page.
For material changes (a new service provider, a new data category, a new purpose), we show an in-app notice the next time you open the App and, where we have your verified email, send a one-time email at least 14 days before the change takes effect.
For minor changes (clarifying wording, fixing typos, or adding a section that does not change processing), we simply update the date.

12. Contact us

For privacy questions, data-access requests, complaints, or security reports, email extra-rep@outlook.com. Please include a clear subject line.

To escalate a complaint to a data-protection regulator, you can find your local supervisory authority via the European Data Protection Board's member list (EU/EEA), the ICO (United Kingdom), or your equivalent national authority.

Last updated: 19 May 2026.