PRIVACY POLICY
Last updated April 10, 2026
This Privacy Policy for Rewod, operated by Igor Syvets, New York, NY, USA ("we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Visit our website at app.rewod.io (desktop and mobile web)
- Download and use our mobile application (Rewod) on iOS or Android
- Engage with us in any other related way, including support or feedback
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have questions or concerns, please contact us at support@rewod.io.
1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Provide
We collect personal information that you voluntarily provide when you register, use our Services, or contact us. This includes:
| Category | Data Collected |
|---|---|
| Account & Identity | Name, email address, password (hashed), profile photo |
| Demographics | Gender group (for scoreboard display), age group (e.g., teens, masters) |
| Fitness & Workout Data | Workout results (weights, repetitions, rounds, times, distances), personal records, effort levels (Rx/Scaled/Foundations), exercise movements, training notes, benchmark scores, activity history |
| Social & Community Data | Comments on workout results, reactions ("fistbumps"), comment reports, blocked user lists |
| Gym/Space Membership | Gym associations, membership role (athlete, coach, manager, owner), permissions, join/leave dates |
| Preferences | Measurement units (kg/lbs), notification settings |
| Imported Data | Workout history imported from other platforms via CSV upload |
| Media | Profile photos uploaded via camera or photo library |
Information Collected Automatically
When you use our Services, we automatically collect certain information, including:
- Device information: Device platform (iOS, Android, or web), browser user agent, operating system version
- Usage data: Pages visited, features used, interaction events (e.g., workout submissions, navigation actions), timestamps
- Push notification tokens: Firebase Cloud Messaging (Android) or Apple Push Notification Service (iOS) tokens, used solely to deliver push notifications you have opted into
- Crash and error data: Stack traces, error messages, and device context collected when the app encounters errors
We do not collect GPS location data, health kit data, biometric data, or contact lists.
Information from Third-Party Authentication
If you sign in using Apple Sign-In or Google Sign-In, we receive your name and email address (or a relay email address in the case of Apple's "Hide My Email" feature) from the authentication provider. We do not receive your password from these providers.
A Note on Fitness Data
Workout performance data (such as weights lifted, exercise times, and activity frequency), especially when combined with gender and age group, may be considered health-related data under certain privacy laws, including the EU General Data Protection Regulation (GDPR) and the Washington My Health My Data Act. We treat this data with heightened care and process it only as described in this policy.
2. HOW DO WE PROCESS YOUR INFORMATION?
We process your personal information for the following purposes:
- To provide and maintain the Services: Creating and managing your account, storing your workout results, displaying leaderboards and personal records, enabling social features (comments, reactions), and managing gym memberships.
- To communicate with you: Sending push notifications about activity on your results (comments, reactions), gym announcements, and service-related updates.
- To improve our Services: Analyzing product usage patterns and feature adoption through analytics to understand how users interact with the app and identify areas for improvement.
- To ensure security and prevent fraud: Monitoring for errors, crashes, and suspicious activity; enforcing our Terms of Use.
- To provide customer support: Responding to your inquiries, feedback, and support requests.
- To comply with legal obligations: Meeting applicable legal requirements and responding to lawful requests.
Legal bases for processing (EEA/UK users):
- Contract performance: Processing necessary to provide you with the Services you signed up for (account management, workout tracking, social features).
- Legitimate interests: Product analytics, error monitoring, and service improvement, where these interests are not overridden by your rights.
- Consent: Push notifications, marketing communications, and processing of health-related fitness data. You may withdraw consent at any time.
- Legal obligation: Where processing is required by law.
3. WHO DO WE SHARE YOUR INFORMATION WITH?
Other Users Within Your Gym/Space
When you join a gym (space) on Rewod, the following information is visible to other members of that gym:
- Your name and profile photo
- Your workout results (displayed on scoreboards/leaderboards)
- Your comments and reactions on workout results and gym notes
- Your effort level (Rx, Scaled, Foundations) and gender group (for scoreboard filtering)
Gym staff (coaches, managers, owners) may additionally see your membership role and have the ability to moderate comments.
Third-Party Service Providers
We share data with the following categories of third-party processors, who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase (Google Cloud Platform) | Authentication, database (Firestore), file storage (Cloud Storage), push notifications (Cloud Messaging), cloud functions (backend API) | All account data, workout results, profile photos, push notification tokens |
| Firebase Analytics (Google) | Product analytics and usage tracking | Anonymized usage events, screen views, feature interactions |
| Firebase Crashlytics (Google) | Crash and error reporting | Stack traces, error messages, device info, current screen name |
| PostHog | Product analytics | User ID, usage events, feature interactions, gym group information |
| Discord (webhooks) | Real-time error monitoring for development team | Error messages, stack traces, browser user agent, page URL (no personal identity data) |
| Stripe | Payment processing for gym subscriptions | Payment and billing information (managed directly by Stripe; see Stripe's Privacy Policy) |
| Apple | Sign-In with Apple authentication | Authentication tokens (see Apple's Privacy Policy) |
| Google | Sign-In authentication | Authentication tokens (see Google's Privacy Policy) |
| Google Ads | Conversion tracking (web version only) | Anonymized conversion events (see Google's Privacy Policy) |
| Meta (Facebook Pixel) | Conversion tracking and advertising (web version only) | Page views, conversion events (see Meta's Privacy Policy) |
We do not sell your personal information to third parties.
4. HOW LONG DO WE KEEP YOUR INFORMATION?
We retain your personal information for as long as necessary to provide you with the Services and fulfill the purposes described in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until you delete your account |
| Workout results & fitness data | Until you delete your account |
| Comments & social interactions | Until you delete your account or the content |
| Analytics data (Firebase Analytics, PostHog) | Up to 14 months (Firebase) / per PostHog retention settings |
| Crash reports (Crashlytics) | 90 days |
| Error logs (Discord) | Retained indefinitely in Discord channel history; contain no personal identity data |
When you delete your account, we delete your profile information, workout results, comments, and social interaction data from our active databases. Some data may persist in backups for a limited period and will be deleted in the normal course of backup rotation. Aggregated, anonymized data that cannot identify you may be retained indefinitely.
5. INTERNATIONAL DATA TRANSFERS
Our servers are located in the United States (Google Cloud, us-central1 region). If you access our Services from outside the United States, including from the European Economic Area (EEA), the United Kingdom, or Canada, your personal information will be transferred to and processed in the United States.
For transfers of personal data from the EEA/UK, we rely on:
- The EU-U.S. Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Our service providers' own compliance mechanisms (e.g., Google's data processing terms)
6. WHAT ARE YOUR PRIVACY RIGHTS?
All Users
Regardless of your location, you can:
- Access your data: View your profile, workout history, and personal records within the app at any time.
- Update your data: Edit your name, email, profile photo, gender group, age group, and measurement preferences in Settings.
- Delete your account: Permanently delete your account and all associated data through Settings > Delete Account.
- Control notifications: Enable or disable push notifications through your device settings.
- Block users: Block other users from interacting with your content.
EEA, UK, and Swiss Residents
Under the General Data Protection Regulation (GDPR), you additionally have the right to:
- Request a copy of your personal data in a portable format
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing based on legitimate interests
- Withdraw consent at any time (without affecting the lawfulness of prior processing)
- Lodge a complaint with your local data protection authority
California Residents
Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of any sale or sharing of personal information for advertising purposes. We do not sell personal information. Our web version uses third-party advertising tools (Google Ads, Meta Pixel) for conversion tracking; you may opt out of this tracking by disabling third-party cookies in your browser settings.
Canadian Residents
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access and correct your personal information and to withdraw consent for its collection, use, or disclosure.
To exercise any of these rights, contact us at support@rewod.io.
7. DATA SECURITY
We implement appropriate organizational and technical security measures to protect your personal information, including:
- Encrypted data transmission (HTTPS/TLS)
- Firebase Authentication with secure token management
- Role-based access controls within gym spaces
- Hashed passwords (for email/password accounts)
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
8. DO WE COLLECT INFORMATION FROM MINORS?
Our Services are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. The app includes a "teens" age group category for users aged 13–17; these users may use the Services with parental awareness.
If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@rewod.io.
9. DO WE USE COOKIES OR TRACKING TECHNOLOGIES?
Web Version (Desktop and Mobile Browsers)
When you use Rewod through a web browser, the following services may set cookies or use similar tracking technologies:
- Google Analytics / Google Ads: Sets cookies (such as _ga, _gid) for usage analytics and conversion tracking.
- PostHog: Sets cookies for session tracking and product analytics.
- Meta (Facebook Pixel): Sets cookies for conversion tracking and advertising measurement.
- Firebase Analytics: May set cookies for session and usage tracking.
- Stripe: May set cookies when payment components are loaded.
Mobile Apps (iOS and Android)
Our native mobile apps do not use browser cookies. Instead, they use:
- Firebase Analytics & PostHog: Native SDK analytics (no browser cookies; data is collected through the native app framework).
- Firebase Crashlytics: Native crash and error reporting.
- Local device storage: We store cached data locally on your device (using Capacitor Filesystem and Ionic Storage) to improve performance and enable limited offline access. This data is cleared when you sign out.
How to Control Cookies
You can control or disable cookies through your browser settings. Note that disabling cookies may affect the functionality of the web version. On mobile, you can limit ad tracking through your device's privacy settings (iOS: Settings > Privacy > Tracking; Android: Settings > Privacy > Ads).
Do Not Track Signals
Our web version does not currently respond to Do Not Track (DNT) browser signals. This is because there is no universally accepted standard for how to interpret DNT signals. You can opt out of tracking by disabling cookies in your browser settings or using browser extensions that block third-party trackers.
10. AUTOMATED DECISION-MAKING
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Workout rankings and scoreboards are based on straightforward sorting of submitted results and do not involve algorithmic profiling.
11. DO WE MAKE UPDATES TO THIS POLICY?
Yes, we will update this Privacy Policy as necessary to reflect changes in our practices, Services, or applicable laws. The updated version will be indicated by the "Last updated" date at the top of this policy.
If we make material changes that affect how we process your personal information, we will notify you through the app or by email before the changes take effect.
12. HOW CAN YOU CONTACT US?
If you have questions or comments about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Email: support@rewod.io
13. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?
You can review and update most of your personal information directly within the Rewod app under Settings. To request a full export of your data or to delete your account and all associated data, you can either:
- Use the Delete Account option in Settings, or
- Email us at support@rewod.io
We will respond to data access and deletion requests within 30 days.