Privacy Policy
Last updated: June 30, 2026
RepDeck (“we”, “the app”) helps athletes turn gym whiteboard workouts into shareable workout cards and update Strava activity descriptions. This policy explains what we collect, how we use it, and your choices.
Information we collect
- Account information — email address and authentication credentials managed through Amazon Cognito when you sign up or sign in.
- Strava data — if you connect Strava, we access activity data you authorize (such as recent activities and permission to update activity title/description). OAuth tokens are stored encrypted on our backend.
- Photos you provide — whiteboard images you photograph or select from your library, uploaded to our storage for parsing and card generation.
- Workout content you create — parsed workout text, edits you make, generated card images, and related metadata stored in your account.
- Device permissions — camera and photo library access only when you use those features; saved cards may be written to your photo library if you choose “Save to Phone”.
How we use information
- Authenticate you and keep your data separated from other users.
- Read your recent Strava activities so you can pick one to attach to a card.
- Parse whiteboard photos into structured workout data using AI vision.
- Generate workout card images and store them in your account.
- Update Strava activity title/description when you explicitly request it.
- Operate, secure, and improve the service.
AI processing
Whiteboard images are sent to OpenAI for optical character recognition and workout extraction. We do not send Strava statistics, heart rate, or other activity metrics to AI models. You review and can edit parsed workout text before generating a card or updating Strava.
Third-party services
- Amazon Web Services (AWS) — authentication, database, file storage, and backend processing.
- Strava — activity data and write access when you connect your account. Strava’s policy applies to data held by Strava: strava.com/legal/privacy
- OpenAI — whiteboard image analysis only.
- Apple / Google — app distribution, TestFlight, and device platform services as applicable.
Data retention & deletion
We retain account data, uploaded images, and generated cards while your account exists and as needed to provide the service. You may disconnect Strava in the app at any time. To request account or data deletion, contact us at the email below.
Security
Strava access tokens are encrypted at rest. Backend APIs require authenticated access. User content is scoped to your account. No system is perfectly secure; use a strong, unique password for your RepDeck account.
Children
RepDeck is not directed at children under 13, and we do not knowingly collect their data.
Changes
We may update this policy from time to time. The “Last updated” date at the top will change when we do.
Contact
Questions or privacy requests:
cjmoses7@gmail.com