REPPY

Reppy Privacy Policy

Effective date: May 12, 2026 Last updated: May 12, 2026

Reppy is a social fitness app operated by Tangor Digital LLC ("Reppy", "we", "us"). This policy explains what we collect, how we use it, who we share it with, and the rights you have over your data.

If you have questions, contact us at support@tangordigital.com.

1. Information We Collect

Information you provide

  • Account information — email address (used to sign in via one-time code), handle, display name, optional bio, optional avatar photo.
  • Workout posts — photos, captions, workout type, duration, calories, heart rate, distance, source attribution, weigh-ins, and the list of friends you tag.
  • Goals & progress — fitness goals you adopt, body weight entries, starting weight, target weight.
  • Friend graph — friend requests you send and accept.
  • Reports — when you report a post or user, we store the reason, optional details, and the targeted content for review.
  • Blocks — when you block someone, we store the pair so we can filter content in both directions.

Information collected automatically

  • Apple HealthKit data (only with your permission) — workout type, duration, calories, heart rate, distance, body mass. Read-only; we never write to your Health data.
  • Device timezone — used so the 3-day challenge expiry behaves correctly across time zones.
  • Crash and error logs — basic diagnostic events that help us fix bugs.

Information we do NOT collect

  • We do not collect precise location.
  • We do not use third-party advertising SDKs.
  • We do not sell your data.
  • We do not track you across other apps or websites.

2. How We Use Your Information

We use the information above to:

  • Operate the Reppy service — sign you in, show your feed, deliver friend requests, run the 3-day challenge expiry.
  • Sync your data across devices using your account.
  • Enforce our Community Guidelines — reviewing reports, blocking abusive users, removing content that violates the rules.
  • Communicate with you about your account, security, or material changes to the app.
  • Diagnose and fix problems with the service.

3. How We Share Your Information

  • With other Reppy users — by design, your posts are visible to the friends you accept. Your handle, display name, and avatar are visible to anyone who can see your posts. Your weight goals, weigh-ins, email address, and report history are never shown to other users.
  • Service providers — we use Supabase (Postgres + Storage), Resend (transactional email), and Apple (push, in-app receipts) to operate Reppy. They process data on our behalf under their own privacy terms.
  • Legal compliance — we may disclose information if required by law or to protect rights, safety, or the integrity of the service.

We do not sell or rent personal information.

4. Content Moderation & 24-Hour Review SLA

Reppy is a user-generated content platform. We review reports of objectionable content and abusive users within 24 hours and take appropriate action, including:

  • Removing posts that violate our Community Guidelines.
  • Restricting or terminating accounts that engage in harassment, nudity, hate speech, self-harm content, threats, or other prohibited behavior.

You can report content via the ⋯ menu on any post or profile, or by emailing support@tangordigital.com. You can block any user from their profile to immediately stop seeing each other's content.

5. Data Retention & Deletion

  • Active posts are stored until you delete them or your account.
  • Challenges auto-expire 3 days after they're posted; tag rows persist as a historical record (for streaks and Reppy Points) but you can delete the originating post any time.
  • Account deletion — Settings → Account → Delete account permanently removes your profile, posts, photos, friendships, goals, weigh-ins, blocks, and reports. This action cannot be undone. Server-side deletion happens in the same call.
  • Sign out keeps your data on the server so you can sign back in later. To wipe data, use Delete account.
  • Backups — Supabase keeps short-term backups for disaster recovery. Deleted data is purged from backups on the rolling backup window (typically 7 days).

6. Children's Privacy

Reppy is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, email support@tangordigital.com and we will delete it.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data (Settings → Account → Delete account).
  • Object to or restrict certain processing.
  • Receive a copy of your data in a portable format — email support@tangordigital.com.

We do not discriminate against users who exercise these rights.

8. Security

We use industry-standard protections: TLS in transit, encryption at rest at the storage provider, scoped Row-Level Security so users can only read data they're authorized to see, and one-time-code email authentication (no passwords stored). No system is perfectly secure; please use a unique email and keep your inbox secure.

9. International Users

Reppy is operated from the United States. By using Reppy, you understand your information will be processed in the United States.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we'll notify you in the app or by email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Tangor Digital LLC Email: support@tangordigital.com

For privacy-specific requests, please put "Privacy request" in the subject line so we can route it quickly.