Improof Logo
Home

Privacy Policy

REPS Technologies LLC

Version 1.1 - Effective Date: December 1, 2025

Last Updated: November 19, 2025

Note: This Privacy Policy covers Improof's current features. As we grow and add new capabilities, we'll update this policy and notify you of material changes.

1. INTRODUCTION

Welcome to Improof ("we," "our," or "us"). We provide a wellness and athletic performance platform designed for strength and conditioning coaches, personal trainers, and their athletes/clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Our Platform Today

Currently Available:

  • Mobile app for athletes to track nutrition, workouts, and recovery
  • Web dashboard for coaches to manage athletes and create programs
  • AI-powered meal logging assistance
  • Secure authentication via Clerk
  • Coach-athlete connection system via email invitations

Coming Soon:

  • Integration with popular fitness wearables (heart rate, steps, sleep tracking)
  • Coach discovery features (search by location, specialty)
  • Coach subscription billing (currently in free beta)
  • Additional wearable device integrations
  • Advanced analytics features

2. INFORMATION WE COLLECT

Information You Provide

Account Information:

  • Email address (required)
  • Name
  • Account type (Coach or Athlete)
  • Password (managed securely by Clerk)

Profile Information:

  • Age, gender, height, weight
  • Fitness goals and preferences
  • Training experience level
  • Dietary preferences and restrictions

Activity Data:

  • Nutrition logs and meal photos
  • Workout logs and exercise data
  • Body measurements and progress photos
  • Recovery metrics and subjective wellness scores
  • Custom notes and comments

Coach-Specific Information:

  • Professional certifications (optional)
  • Business information (optional)
  • Payment information (when subscription billing launches)
  • Client roster and management data

Information Collected Automatically

Usage Data:

  • App/website usage patterns
  • Feature interaction data
  • Session duration and frequency
  • Device information (type, OS, version)
  • IP address (anonymized for analytics, full for security)
  • Browser type and language preferences
  • Referring website URLs
  • Pages visited and interactions with our website

Future Wearable Data (Not Yet Available):

When wearable integration launches, we will collect:

  • Heart rate data
  • Step counts
  • Sleep metrics
  • Other wellness metrics from connected devices

You will have full control over which devices to connect and what data to share.

3. COOKIES AND TRACKING TECHNOLOGIES

Types of Cookies We Use

Essential Cookies (Always Active):

  • Authentication cookies: Keep you logged in and secure your session
  • Security cookies: Detect and prevent security threats
  • Consent preference cookies: Remember your cookie consent choices

These cookies are necessary for our platform to function and cannot be disabled.

Analytics Cookies (Opt-In Required):

We use Google Analytics 4 (GA4) to understand how visitors interact with our website. These cookies are only set if you click "Accept All" in our consent banner.

Google Analytics 4:
  • Purpose: Website analytics and performance measurement
  • Provider: Google LLC
  • Data Collected:
    • Pages visited and time spent on each page
    • How you arrived at our site (referral source)
    • Device type, browser, and screen resolution
    • Anonymized IP address (last octet removed)
    • General location (country/city level, not precise)
    • Interactions with website elements (clicks, scrolls)
  • Cookie Names: _ga, _ga_*, _gid, _gat
  • Duration: Up to 2 years
  • GDPR Compliance: We have enabled IP anonymization and disabled data sharing with Google for advertising purposes
  • Learn More: Google Privacy Policy

Your Cookie Choices

Managing Cookies:

  • First visit: You'll see a consent banner asking for your preferences
  • Accept All: Allows both essential and analytics cookies
  • Reject All: Only essential cookies are set; analytics are blocked
  • Change your mind: Clear your browser cookies to see the consent banner again

Browser Controls:

You can also control cookies through your browser settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Cookies and site permissions

Note: Blocking essential cookies may affect your ability to use certain features of our platform. Analytics cookies can be disabled without affecting functionality.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We respect your choice and do not load analytics cookies when DNT is enabled. However, essential cookies are still required for the platform to function.

Google Analytics Opt-Out

You can opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.

4. HOW WE USE YOUR INFORMATION

Primary Uses

We use your information to:

  • Provide and maintain our platform
  • Enable coach-athlete connections and data sharing
  • Power AI-assisted meal logging
  • Generate insights and progress tracking
  • Send important service updates
  • Provide customer support

We Do NOT:

  • Sell your personal data to third parties
  • Share your data with advertisers
  • Use your health data for marketing purposes
  • Share athlete data with coaches without explicit consent

Aggregated Data

We create and own anonymized, aggregated data to:

  • Improve our services and develop new features
  • Conduct research on training and nutrition patterns
  • Generate industry insights and benchmarks
  • Create success stories (only with explicit permission)
  • Demonstrate platform effectiveness

Important: This aggregated data cannot identify individuals and becomes property of REPS Technologies LLC. We may use success metrics like "80% of users who train 3x per week achieve their goals" without identifying anyone.

5. COACH-ATHLETE DATA SHARING

How It Works

Athlete Control:

  • Coaches must request access using your email address
  • You must explicitly accept each coach request
  • You can revoke coach access at any time
  • You control what data coaches can see

Coach Access:

When you accept a coach connection, they can view:

  • Your tracked nutrition, workout, and recovery data
  • Progress photos and measurements (if you choose to share)
  • Your training history and trends
  • Notes and comments you add to your logs

Coach Limitations:

  • Coaches cannot access your account credentials
  • Coaches cannot modify your data without your knowledge
  • Coaches cannot prevent you from disconnecting
  • Coaches cannot export bulk athlete data

Important Disclaimer: We cannot control the actions of coaches or trainers once they have access to your data. It is your responsibility to ensure that coaches act in accordance with your agreed-upon terms. We are not party to any agreements between coaches and athletes.

6. DATA SECURITY

Our Security Measures

We implement industry-standard security practices including:

  • End-to-end encryption for data transmission
  • Encryption at rest for stored data
  • Secure authentication via Clerk (SOC 2 certified)
  • Regular security audits and updates
  • Access controls and audit logging
  • Secure cloud infrastructure

Your Security Responsibilities

  • Use a strong, unique password
  • Enable multi-factor authentication (recommended)
  • Keep your account credentials confidential
  • Report any suspicious activity immediately
  • Review coach access permissions regularly

7. THIRD-PARTY SERVICES

Current Service Providers

We work with trusted service providers:

Google Analytics 4:

  • Purpose: Website analytics and performance measurement (opt-in only)
  • Data: Anonymous usage statistics, page views, user interactions
  • Privacy: IP anonymization enabled, advertising features disabled
  • Learn More: Google Privacy Policy

Convex (Database and Backend):

  • Purpose: Data storage, real-time sync, and backend infrastructure
  • Data: All user data, workout logs, nutrition data, coach-athlete connections
  • Security: SOC 2 Type II, GDPR, and HIPAA compliant infrastructure
  • Note: While Improof is not HIPAA-regulated, we choose infrastructure with healthcare-grade security

Clerk (Authentication):

  • Purpose: User authentication and session management
  • Data: Email, authentication tokens, session data
  • Security: SOC 2 Type II certified

Future Integrations:

  • Wearable device APIs (Garmin, Apple Health, etc.)
  • Payment processing (Stripe - PCI DSS compliant)

All service providers are bound by data protection agreements.

8. YOUR PRIVACY RIGHTS

Access and Control

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and data
  • Export your data in a portable format
  • Opt-out of non-essential data collection
  • Manage coach connections

Data Deletion

You can delete your account at any time through the app settings. Upon deletion:

  • Your personal data will be removed within 48 hours
  • Coaches will lose access to your data
  • Some anonymized, aggregated data may be retained
  • Legal obligations may require limited data retention

Regional Rights

California Residents (CCPA):

Additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

EU/UK Residents (GDPR):

Additional rights including:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge complaints with supervisory authorities

9. DATA RETENTION POLICY

Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods vary based on the type of data and how it's used:

Active Account Data:

Data TypeRetention PeriodReason
Account Information (email, name)Duration of account + 30 daysAccount management and recovery
Workout & Nutrition LogsDuration of accountService provision and historical tracking
Progress Photos & MeasurementsDuration of account or until deleted by userProgress tracking
Coach-Athlete MessagesDuration of relationship + 90 daysCommunication history and dispute resolution
AI Chat Interactions90 daysService improvement and support

Inactive Account Data:

  • Accounts inactive for 12 months: We may send reminder emails about account status
  • Accounts inactive for 24 months: Account and associated data may be scheduled for deletion
  • Coach accounts: Retained for 36 months of inactivity due to potential client relationships

Post-Deletion Retention:

After you delete your account, we retain certain data for limited periods:

  • Transaction records: 7 years (legal requirement for financial records)
  • Legal compliance data: As required by applicable laws (varies by jurisdiction)
  • Anonymized/Aggregated data: Indefinitely (cannot identify individuals)
  • Backup systems: Up to 90 days (automated deletion from backups)

Data Deletion Process

User-Initiated Deletion:

  • You can delete individual workout logs, meals, or photos at any time
  • Account deletion requests are processed within 48 hours
  • Coach-athlete connections can be terminated immediately
  • Deletion is permanent and cannot be reversed

Automated Deletion:

  • Temporary files and caches: Cleared every 7 days
  • Session data: Cleared after 30 days of inactivity
  • Failed upload attempts: Deleted after 24 hours
  • Email verification tokens: Deleted after 48 hours

Special Circumstances

Legal Holds:

We may retain data longer than stated if:

  • Required by law enforcement or court order
  • Necessary for legal proceedings or disputes
  • Required to establish, exercise, or defend legal claims
  • Needed to investigate potential terms of service violations

Coach Data Responsibilities:

Important for Coaches: When an athlete disconnects from you or deletes their account, you will lose access to their data immediately. We recommend coaches maintain their own records in compliance with their professional requirements and applicable laws.

Your Rights Regarding Data Retention

You have the right to:

  • Request information about what data we retain and for how long
  • Request early deletion of your data (subject to legal requirements)
  • Export your data before deletion
  • Object to retention for specific purposes

Data Portability

Before deleting your account, you can export your data in common formats:

  • Workout data: CSV or JSON format
  • Nutrition logs: CSV or JSON format
  • Progress photos: Original image files
  • Account information: JSON format

Third-Party Data Retention

Our service providers have their own retention policies:

  • Convex (Database): Follows our retention instructions; maintains backups for 30 days
  • Clerk (Authentication): Retains authentication logs for 90 days
  • Future payment processor: Will retain transaction records per PCI compliance (typically 7 years)

Note: We regularly review and update our retention policies to ensure we're not keeping data longer than necessary while meeting our legal obligations and providing you with a valuable service.

10. CHILDREN'S PRIVACY

Our services are not intended for children under 13. We do not knowingly collect information from children under 13. Athletes ages 13-17 should have parental consent to use our platform.

11. HIPAA DISCLAIMER

Important: Improof is designed for fitness professionals, strength coaches, and personal trainers. We are NOT a medical device or healthcare platform, and we are NOT regulated under HIPAA.

Our platform is intended for general wellness and fitness tracking, athletic performance optimization, and nutrition and training support—NOT for medical diagnosis, treatment, or healthcare delivery.

While we implement strong security measures, coaches and trainers using Improof are responsible for determining if their practice requires HIPAA compliance.

12. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

13. CHANGES TO THIS POLICY

We will update this policy as our platform evolves. We will notify you of material changes via:

  • Email notification
  • In-app announcement
  • Website notice

Continued use after changes indicates acceptance of the updated policy.

14. CONTACT US

For privacy questions or concerns:

Email: contact@improof.app
REPS Technologies LLC
Address: 90 Woodbridge Center Dr #900, Woodbridge, NJ 07095

For data protection inquiries (EU/UK):
Email: contact@improof.app

Effective Date: December 1, 2025
Version: 1.1
Last Updated: November 19, 2025