Privacy Policy
This policy explains exactly what data ExtraRep collects when you use the app, why we collect it, where it is stored, who we share it with, how long we keep it, and what rights you have over it. It is written in plain English on purpose. If anything is unclear, email us and we will explain.
Short version. Your account holds the email you signed up with, a one-way hash of your password, an optional username, and the workouts you log. Body measurements and progress photos stay on your phone — they are never uploaded. We use Sentry for anonymous crash reports (no email, no IP, no personal data). We don't run ads, we don't sell data, and you can delete everything from inside the app at any time. Full details below.
Contents
- Who we are
- What we collect, and where it lives
- Why we collect it (legal bases)
- Third parties we share data with
- How long we keep data
- Your rights
- Security
- Children's data
- International transfers
- Cookies and tracking
- Changes to this policy
- How to contact us
1. Who we are
ExtraRep is a strength-training tracker run by an individual developer. For the purposes of EU data-protection law (GDPR / UK GDPR), the data controller is the developer behind ExtraRep, reachable at extra-rep@outlook.com. There is no separate company, parent organisation, or legal entity sitting behind the app — just one person, contactable directly.
2. What we collect, and where it lives
ExtraRep splits user data deliberately into two locations: data that has to live on our server so the app can work across devices, and data that stays on your phone because there is no reason for us to see it. The split below is enforced by the actual code — there is no hidden upload path.
2.1 Stored on our server
The following is stored in our managed PostgreSQL database (hosted by Render, region Singapore):
- Email address — the one you signed up with, normalised to lowercase. Used to sign you in, send verification codes, and contact you about your account.
- Password hash — a one-way bcrypt hash. We never see or store your actual password. Even we cannot recover it; if you forget it, you reset it.
- Username (optional) — a public-facing display handle if you choose to set one.
- Email-verification status — a timestamp of when (or whether) you verified your email, plus any short-lived verification challenges (one-time codes, stored as hashes, expiring in minutes).
- Google sign-in link (only if you used "Sign in with Google") — the opaque Google-issued account ID. We do not store anything else from your Google profile (no avatar, no name, no other email).
- Workouts you log — the timestamp of each workout session, an optional free-text note you wrote, and every set inside it (exercise, reps, weight in kilograms, optional RPE, sort order, set type, completed flag).
- Custom exercises you create — the exercise name and the muscle category you assigned.
- Account-revocation timestamp — a server-side marker that lets us instantly invalidate every previously issued login token (e.g. after a password change). It is just a date; it contains no personal data.
2.2 Stored only on your phone
The following never leaves your device. We have no copy of it on our servers, in our backups, or anywhere else. If you delete the app or the account, this data is wiped from the phone in the same step.
- Body measurements (weight, body fat, circumference measurements) — kept in the phone's local database. There is no API endpoint that sends these to us.
- Progress photos the app saves automatically after a workout — stored in the app's private documents directory on your phone. There is no upload path.
- Saved routines — workout templates you built locally for quick reuse.
- Onboarding profile and preferences — your chosen units, week-start day, goals you ticked during onboarding.
- Your login token — a short JSON Web Token (JWT) kept in the phone's secure storage (Android Keystore / iOS Keychain) so you stay signed in.
2.3 Crash reports
When the app crashes or hits an unhandled error in production, we send an anonymous report to Sentry (our error-tracking provider — see Section 4). A crash report contains:
- The stack trace of the exception
- App version, build environment, and Sentry-generated random event ID
- OS name and version, device model, screen size, locale
- A short trail of preceding in-app actions (breadcrumbs) — e.g. "tapped Profile", "API request to /workouts" — with authorisation tokens stripped before send
It does not contain:
- Your email address, username, or password
- Your IP address (we have explicitly disabled sendDefaultPii)
- Any device-unique identifier (no advertising ID, no install ID)
- The contents of your workouts, sets, or measurements
Sentry is disabled entirely in development builds and in Expo Go — only signed release builds installed via Google Play (or, later, the App Store) will send any data.
2.4 What we do NOT collect
To be explicit, ExtraRep does not collect:
- Your real name (we never ask for it)
- Your phone number
- Your physical address or postcode
- Your date of birth or age
- Your contacts, calendar, or call history
- Your location, GPS coordinates, or wireless network info
- Your health or fitness data from Apple Health / Google Fit (no integration)
- Advertising identifiers (no IDFA, no Android Advertising ID)
- Browsing or in-app activity for marketing or profiling
3. Why we collect it (legal bases)
Under EU / UK GDPR, every piece of personal data we process needs a legal basis. Here are ours:
| Data | Purpose | Legal basis |
|---|---|---|
| Email + password hash | Identifying you across sessions and devices | Contract (Art. 6(1)(b)) — required to provide the service you signed up for |
| Workouts, sets, custom exercises | Storing and retrieving your training history | Contract (Art. 6(1)(b)) |
| Google sign-in link | Letting you sign in without a password | Contract (Art. 6(1)(b)) |
| Email-verification challenges | Confirming you control the email address you registered | Legitimate interest (Art. 6(1)(f)) — preventing fake accounts and ensuring account recovery works |
| Crash reports | Diagnosing and fixing bugs | Legitimate interest (Art. 6(1)(f)) — keeping the app reliable. You can object — see Section 6. |
| Server access logs (timestamps, request paths) | Security, abuse detection, debugging | Legitimate interest (Art. 6(1)(f)) |
4. Third parties we share data with
We use a small number of carefully chosen processors. We do not sell, rent, or trade your data. We do not run advertising networks. The list below is exhaustive:
| Processor | What they handle | Where |
|---|---|---|
| Render (Render Services, Inc.) | Hosts the backend API server, the PostgreSQL database where your account and workouts live, and this website. | API + database in Singapore. Static site served from a global edge network. |
| Sentry (Functional Software, Inc., dba Sentry) | Receives anonymous crash reports from production builds. Configured to ingest data into the EU region (de.sentry.io). | European Union (Germany) |
| Google (Google LLC) | Optional "Sign in with Google" only. When you tap that button, Google handles the sign-in and returns an account ID we link to your ExtraRep account. We don't share anything back to Google about you. | United States |
| Microsoft (operator of Outlook.com) | Hosts the support email address (extra-rep@outlook.com). When you email us, Microsoft handles the inbox. | United States / global |
Each processor handles data on our behalf under their published data-processing terms. We do not give them permission to use your data for their own purposes. If we ever add another processor, we will update this list and bump the "Last updated" date at the bottom.
4.1 Government or legal disclosure
We may disclose data if required by a valid legal order from a jurisdiction that applies to us (e.g. a court order). We have never received such a request. If we do, and we are legally permitted to tell you, we will.
5. How long we keep data
- Your account and all workout data: kept for as long as your account exists. When you delete your account from inside the app, the database rows are removed immediately. See the account deletion guide for the exact list of what is removed and what may persist briefly in backups (up to 30 days) or anonymously (community-shared custom exercises with the "created by" link severed).
- Backups: our hosting provider keeps automated database backups for up to 30 days as standard disaster-recovery practice. Deleted data may persist there until rotated. We never restore backups for individual user data — only after a major site-wide failure.
- Email-verification challenges: deleted immediately when you successfully verify, when you request a new code (the previous one is replaced), or when you hit the maximum number of wrong-code attempts. An abandoned challenge (you never came back) persists until either you request another code or you delete your account. Even then the row contains only a one-way hash of the code, an expiry timestamp, and an attempt counter — no recoverable code value.
- Server access logs: rotated weekly. They contain timestamps and request paths but no account identifiers.
- Crash reports (Sentry): retained by Sentry for 90 days, then deleted on their schedule.
- Support emails: kept in the inbox for as long as we need them to follow up. You can ask us to delete a thread at any time.
6. Your rights
Under GDPR / UK GDPR (and equivalent laws in many other jurisdictions, including the California Consumer Privacy Act), you have the rights below. To exercise any of them, email extra-rep@outlook.com from the address on your account. We respond within 30 days and never charge a fee.
- Right of access — ask for a copy of every piece of personal data we hold about you. We'll send you a JSON export of your account row, all workouts, and all custom exercises.
- Right to rectification — fix anything inaccurate. Most things you can edit yourself in the app (email, username, password). For anything else, email us.
- Right to erasure ("right to be forgotten") — delete your account and everything tied to it. The app has a built-in flow: how to delete. If you can't sign in, email us and we'll verify ownership another way.
- Right to data portability — receive your data in a structured, machine-readable format (JSON). Same request as access; same response.
- Right to restrict processing — ask us to pause processing while a dispute is resolved. Email us.
- Right to object — object to any processing we base on "legitimate interest" (crash reports, server logs). If you object, we will stop processing for those purposes unless we have a compelling legal reason to continue.
- Right to withdraw consent — where we rely on consent (we currently don't, but this may change), you can withdraw it at any time without affecting prior processing.
- Right to lodge a complaint — you can complain to your local data-protection authority. In the EU, that's the supervisory authority of the country you live in; in the UK, it's the Information Commissioner's Office (ICO).
7. Security
We take a defence-in-depth approach. The most important pieces:
- HTTPS everywhere. Both this website and the backend API are served over TLS only. Modern HSTS rules apply (the .app top-level domain is on the HSTS preload list — every browser refuses to talk to us in plaintext).
- Passwords are bcrypt-hashed. We cannot read your password. Even a full database leak does not expose them in usable form.
- Login tokens are short-lived JWTs, signed with a strong server-side secret, audience-pinned, and instantly revocable across every device when you change your password.
- The app's local login token is kept in the phone's secure hardware-backed store (Android Keystore / iOS Keychain), not in plain shared storage.
- Rate limiting on every sensitive endpoint — registration, login, password change, email change, account deletion, and write endpoints — to thwart brute-force and abuse.
- Pydantic validation on every request body with sensitive fields (passwords, OTP codes, OAuth tokens) scrubbed from any error response. So a 422 validation error never echoes your password back.
- No third-party trackers. No advertising SDKs, no analytics SDKs, no fingerprinting.
No system is perfect. If you find a security issue, please email extra-rep@outlook.com before disclosing publicly. We will respond quickly and credit you if you'd like.
8. Children's data
ExtraRep is a general-audience strength-training app. It is not directed at children under 16, and we do not knowingly collect personal data from anyone under that age. If you are a parent or guardian and believe your child has signed up, email us and we will delete the account. The app does not show advertising and does not include any social features that would put a young user in contact with strangers.
9. International transfers
Our database lives in Singapore. Our crash-reporting provider (Sentry) ingests in the EU. Google's OAuth service operates globally from the United States.
If you are based in the European Economic Area (EEA), the United Kingdom, or Switzerland, your data may therefore be transferred outside your home region. Where required by law, these transfers are covered by appropriate safeguards — Render and Sentry both publish standard contractual clauses (SCCs) as part of their data-processing terms, and Google's Sign-In service provides equivalent protections. You can request copies of any of these documents from us.
10. Cookies and tracking
The mobile app uses no cookies. It signs you in with a JSON Web Token kept in the phone's secure storage; no browser-style cookies are involved. The app does not include analytics SDKs, advertising SDKs, attribution SDKs, fingerprinting libraries, or any third-party tracking code.
This website (extrarep.app) is served as static HTML and CSS. It sets no cookies, runs no JavaScript that calls third parties, embeds no analytics pixels, and does not fingerprint your browser. You can verify this in your browser's developer tools.
11. Changes to this policy
When we change this policy in a way that affects you (new processor, new category of data, new purpose), we will:
- Update the "Last updated" date at the bottom of this page.
- For material changes, show an in-app notice the next time you open the app, and (where we have your verified email) send a one-time email at least 14 days before the change takes effect.
For minor changes (clarifying wording, fixing a typo, adding a new section that doesn't change processing), we'll just bump the date.
12. How to contact us
For anything privacy-related — questions about this policy, data-access requests, complaints, security reports — email extra-rep@outlook.com. Please put a clear subject line; we read every message.
If you'd like to escalate a complaint to a data-protection regulator, you can find your local supervisory authority via the European Data Protection Board's member list (EU/EEA), the ICO (United Kingdom), or your equivalent national authority.
Last updated: 6 May 2026.