OnRepOnRep
GeneralRunningHYROX
FeaturesPricingFAQ
LoginSign Up
GeneralRunningHYROXFeaturesPricingFAQ

OnRep

Privacy Policy

OnRep publishes this Privacy Policy to explain how we collect, use, store, protect, and dispose of personal information while providing the OnRep service.

Effective date: April 1, 2026 · Last updated: June 20, 2026 · Version 1.1

Download OnRep for iOS and AndroidSign Up

1. Personal information we collect

Required account information

ItemWhen collectedPurpose
Email addressSign-upAccount creation, authentication, password reset, service notices
Nickname or display nameSign-up or profile setupUser identification inside the service
PasswordSign-upEncrypted authentication credential

Information generated while using the service

ItemWhen collectedPurpose
Workout recordsWhen a workout is loggedWorkout history, analytics, and progress comparison
Running GPS route dataWhen Running is usedRoute coordinates are encrypted and saved to the server to show maps and running analysis. The device keeps an AES-256-GCM encrypted fallback only until upload succeeds, and raw GPS/HR/cadence samples are never included in analytics.
Health Connect / Apple Health dataOnly when you connect Health Connect or Apple Health and grant permissionUsed to read workout heart rate and power context, body weight, sleep, HRV, and resting heart rate for personal fitness tracking, relative-strength context, and Pro condition score. User-saved workouts, running distance, route, and workout heart-rate records can be written back when permission is granted. Raw Health Connect / Apple Health values are not used for advertising or third-party marketing.
Device informationWhen the app runsCompatibility checks and bug fixes
Crash and error logsWhen an error occursService stability improvement
Usage eventsDuring app useProduct improvement and UX optimization
Purchase and subscription recordsAt paymentSubscription and payment management

Optional information

ItemWhen collectedPurpose
Apple ID emailWhen Sign in with Apple is selectedSocial login authentication
Google emailWhen Google sign-in is selectedSocial login authentication

Information we do not collect for unnecessary profiling

  • Contacts
  • Government-issued identifiers such as resident registration or passport numbers
  • Sensitive profiling data for external marketing

2. Purposes of collection and use

PurposeDetails
Account managementSign-up, identity confirmation, authentication, password reset
Service deliveryWorkout storage, progress analytics, weekly and monthly comparisons, 1RM estimates, data sync
Product improvementUX improvement and feature planning based on usage patterns
ReliabilityCrash and error tracking, incident response
Customer supportInquiry handling and complaint resolution
Payment managementPaid subscription processing, subscription state management, refund handling
NoticesService changes, maintenance, and important security notices
OnRep does not use collected personal information for third-party marketing, external targeting, or unnecessary profiling.

3. Retention period

Personal information is destroyed without delay once the purpose of collection and use has been fulfilled, unless retention is required by law.

ItemRetention periodBasis
Account informationUntil account deletionService use
Workout recordsUntil account deletionService use
Crash and error logs90 days from collectionService stability
Payment and subscription records5 years from transactionE-commerce records retention
Service usage logs3 months from collectionCommunications records retention
Deleted account information30 days after deletionAbuse prevention and dispute handling

4. Third-party sharing and processors

OnRep does not sell or share personal information with third parties except where the user has consented, where law requires disclosure, or where processors are needed to operate the service.

ProcessorRoleData processedServer location
Supabase Inc.Authentication, database hosting, data syncEmail, nickname, workout recordsUnited States
SentryCrash/error tracking and performance monitoringDevice information and error dataUnited States
RevenueCat, Inc.Subscription management and receipt validationPurchase records, subscription status, anonymous user IDUnited States
Apple Inc.Apple sign-in and App Store paymentsApple ID email and payment dataUnited States
Google LLCGoogle sign-in and Play Store paymentsGoogle email and payment dataUnited States

5. International transfer

Some information may be transferred internationally to cloud, authentication, monitoring, and payment providers required for service operations.

RecipientCountryItemsPurposeRetention
Supabase Inc.United StatesEmail, nickname, workout recordsDatabase hosting and authenticationUntil account deletion
SentryUnited StatesDevice information, crash logsError tracking90 days
RevenueCat, Inc.United StatesPurchase records, subscription statusSubscription management1 year after subscription ends

6. Destruction of personal information

When retention periods expire or processing purposes are fulfilled, personal information is destroyed without delay. Legally retained data is separated and destroyed after the required period.

TypeMethod
Electronic filesDeleted using technical measures that prevent recovery
Paper documentsShredded or incinerated
BackupsOverwritten or deleted according to the backup cycle

7. User rights and requests

RightDescriptionHow to exercise
AccessRequest access to personal information collected about youIn-app settings or email
CorrectionRequest correction of inaccurate informationProfile edit or email
DeletionRequest deletion of personal informationAccount deletion or email
RestrictionRequest suspension of processingEmail
Withdrawal of consentWithdraw consent to collection and useAccount deletion
PortabilityRequest export or transfer of your informationEmail or CSV export where available
  • Profile edits and account deletion are available in app settings.
  • Email requests can be sent to onrepforbty@gmail.com.
  • A representative may submit a request with proof of authorization.
  • Access, correction, deletion, and restriction requests are handled within 10 days of receipt where legally possible.

8. Security measures

MeasureDetails
EncryptionPassword hashing and TLS for data in transit
Access controlDatabase Row Level Security policies
Authentication securityJWT-based authentication and session expiry management
Offline dataTemporarily stored in the device app sandbox until server save succeeds
Running route filesThe encrypted server route is canonical. A local route file is kept encrypted with AES-256-GCM only as retry insurance before server save succeeds, then deleted after successful upload or session deletion.
Least privilegeSeparated operational access and personal data access
Regular reviewSecurity reviews and patching

9. Automatic collection tools

ToolPurposeData
Sentry SDKCrash and error trackingDevice information and stack traces
Firebase AnalyticsUsage analyticsScreen visits and anonymized events
  • You can limit analytics sharing in device settings.
  • On iOS, app analytics sharing can be disabled in privacy settings.
  • On Android, Google settings can limit personalization and analytics sharing.

10. Children's privacy

OnRep does not knowingly collect personal information from children under 14. If we learn that such information has been collected, we will delete it without delay.

11. Privacy contact

ItemDetails
NameWonwoo Kim
RoleCEO / Privacy Officer
Emailonrepforbty@gmail.com
General supportonrepforbty@gmail.com

For privacy infringement reports or counseling, users may contact the relevant public privacy, dispute resolution, prosecutor, or police cybercrime agencies in their jurisdiction.

12. Changes to this policy

This Privacy Policy may be revised due to changes in law or service operations. Material changes will be announced in app and by email at least 7 days before the effective date.

VersionEffective dateChanges
1.02026-04-01Initial publication

13. Governing privacy laws

This policy is operated in accordance with applicable Korean privacy, information network, and e-commerce consumer protection laws.

Privacy Policy

OnRep

OnRep

Email: onrepforbty@gmail.com

Privacy contact: onrepforbty@gmail.com

Website: https://onrepbybty.vercel.app

Effective date: April 1, 2026