Privacy Policy

Effective: 2 June 2026

Last updated: 5 June 2026

Introduction

SteelRep (“we”, “us”, “our”) is operated by ThoughtGears Ltd, a company registered in England and Wales. This Privacy Policy explains how we collect, use, and protect your personal data when you use the SteelRep mobile application.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA).

Data Controller

ThoughtGears Ltd is the data controller for your personal data.

Contact: privacy@steelrep.app

Data We Collect

SteelRep does not require an account. There is no sign-up, no login, and no password. We never ask for your name or email address to use the app.

Workout Data (stored on your device, not by us)

Your workout activity — including:

  • Exercise logs (sets, reps, weight)
  • Workout history
  • Personal records
  • Custom exercises
  • Program selections and progress

— is stored locally on your device. On iOS it syncs privately across your own devices via your iCloud account (Apple); on Android it is included in your device’s encrypted backup via Android Auto Backup (Google). We never receive, store, or have access to your workout data. Sync and backup are handled by Apple or Google and governed by their respective privacy policies (Apple, Google).

Health Connect (Android)

With your explicit permission, SteelRep integrates with Android Health Connect:

  • Reads your body weight — only to pre-fill sensible starting weights when you calibrate a program. It is used on-device at that moment; we do not store or transmit it.
  • Writes completed workouts — when you finish a session, SteelRep can write it to Health Connect as an exercise session so it appears alongside your other health data.

This data is managed by Health Connect on your device, under your control: you grant or revoke access at any time in Health Connect settings, and SteelRep works fully without it. We never transmit your Health Connect data off your device, never use it for advertising, and never sell or share it. Our use of Health Connect data complies with the Health Connect Permissions policy and is limited to the features described above.

Device Data

  • Device type and operating system
  • App version
  • Crash reports (via Firebase Crashlytics)

Crash Reports

If you leave Help improve SteelRep enabled, we collect crash reports to maintain app stability. Crash reports include stack traces, device model, and OS version. They do not contain personal workout data or personally identifiable information.

Analytics Data

If you leave Help improve SteelRep enabled, we collect anonymous usage analytics to understand which features are most valuable and improve the app experience. This covers how you move through the app — for example screens visited and features used. We do not collect any workout content: no exercises, weights, reps, personal records, or which program you follow.

Your Choice: Help improve SteelRep

A single Help improve SteelRep setting controls both crash reports and analytics. When you first set up SteelRep, the Get Started screen explains that these are enabled to help improve the app and links to this policy. You can turn them off at any time in Settings → Privacy, and the app remains fully functional if you do. Changes take effect immediately.

How We Use Your Data

Your workout data stays on your device and in your private iCloud account — we do not receive or use it. The limited diagnostic and analytics data we do collect is used to:

  • Maintain app stability and fix crashes
  • Understand which features are most valuable and improve the app
  • Respond to support requests you send us

Progression, personal records, and reminders are all calculated and scheduled on your device.

Under UK and EU GDPR, we process the limited diagnostic and analytics data described above based on your consent (GDPR Art. 6(1)(a)), which you give when you set up the app and can withdraw at any time in Settings → Privacy. Withdrawing consent stops all further collection; it does not affect data already processed.

Data Retention

  • Workout data: Stored on your device and in your iCloud account, under your control. We hold no copy. Deleting it in the app, or removing the app and its iCloud data, erases it.
  • Analytics data: Aggregated data retained for 26 months
  • Crash reports: Retained for 90 days

Data Sharing

We do not store your workout data, so there is nothing for us to share. The limited diagnostic and analytics data we collect is processed only by:

  • Google (Firebase): Crash reporting (Crashlytics) and anonymous usage analytics (Google Analytics for Firebase). We do not use Firebase for hosting, authentication, or storing your workout data.
  • Apple (iCloud): Syncs your workout data privately across your own devices. We have no access to it.
  • Apple / Google: App Store and Google Play distribution and subscription payment processing. We do not receive your payment details.

We do not sell your personal data.

Your Rights

Under UK GDPR, EU GDPR, and CCPA, you have the right to:

  • Access: Your workout data lives on your device — you can view and export it directly in the app. For the diagnostic/analytics data we hold, you can request a copy.
  • Rectification: Correct inaccurate data
  • Erasure: Delete your workout data on your device and in iCloud at any time, and request deletion of the diagnostic/analytics data associated with your device
  • Portability: Export your workout data from the app in a machine-readable format
  • Restriction: Limit how we process your diagnostic/analytics data
  • Objection: Object to certain processing activities
  • Withdraw consent: Opt out of analytics and crash reporting at any time

To exercise these rights, contact privacy@steelrep.app or use the in-app settings.

Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Your workout data is protected by your device’s encryption and by Apple’s iCloud encryption — we never hold it
  • Encryption in transit (TLS/HTTPS) for diagnostic and analytics data
  • Encryption at rest for the limited data held by our analytics processors
  • Regular security reviews

International Transfers

Your data may be transferred to and processed in countries outside the UK/EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses with our processors.

Children’s Privacy

SteelRep is intended for users aged 18 and over and is age-gated accordingly at first launch. We do not knowingly collect data from anyone under 18.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the app or email.

Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@steelrep.app

Data Protection: ThoughtGears Ltd, United Kingdom

Complaints

If you’re not satisfied with our response, you can lodge a complaint with:

UK: Information Commissioner’s Office (ICO) at ico.org.uk

EU: Your local data protection authority