Skip to content
Back to home

Privacy Policy

Last updated: March 22, 2026

1. Introduction

ReelFit, operated by Richard Herrada ("we", "us", or "our"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the ReelFit application at https://reel.fitness, including any associated iOS application ("the Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address, username, and display name. If you sign in with Google, we receive your name and email. If you use Sign in with Apple, we receive your name and either your real email or an Apple-generated relay email, depending on your choice. We do not receive your Apple ID or Google password.

Workout Data

We store the workouts you create, save, and log, including exercise names, sets, reps, weights, duration, and workout history. This data is essential to providing the Service.

Saved Workout Content

When you save a workout via URL, image, or text, you initiate a process where ReelFit reads publicly available content at the URL you provide and uses AI to extract exercise metadata (exercise names, sets, reps, weights). No video, audio, or original media is downloaded or stored. For image uploads, we process the image through AI to extract workout details and do not retain the original image after processing.

Coach Mode Sessions

When you use Coach Mode, your workout context and session data are processed to provide real-time exercise guidance. Coach Mode session counts are associated with your account.

Usage Data

We collect basic usage analytics to improve the Service, including pages visited, features used, and error logs. We do not track your location or record your browsing activity outside of ReelFit.

Payment Information

On the web, payment processing is handled by Stripe. On iOS, payments may be handled by Apple In-App Purchase. We do not store your credit card number or payment details. We receive only your customer ID and subscription status from the applicable payment processor.

3. How We Use Your Information

  • To provide and maintain the Service, including workout tracking and save features
  • To authenticate your identity and secure your account
  • To process workout saves using AI (OpenAI) to extract exercise metadata from content you provide
  • To provide Coach Mode exercise guidance
  • To manage your subscription and billing
  • To send transactional emails (password resets, account notifications)
  • To improve the Service based on usage patterns and feedback
  • To detect and prevent abuse, fraud, and security incidents

4. Third-Party Services

We share data with the following third-party services only as necessary to operate the Service:

  • Supabase — database hosting, authentication, and file storage
  • OpenAI — AI processing of workout content you provide (URLs, text, and images) and Coach Mode guidance. Data sent to OpenAI includes the text/image content you submit. Per our API agreement (OpenAI Business Terms), this data is not used to train OpenAI's models. OpenAI may retain data for up to 30 days for abuse monitoring per their data usage policy.
  • Stripe — payment processing for web subscriptions
  • Apple — In-App Purchase processing for iOS subscriptions, Sign in with Apple authentication
  • Google — OAuth authentication (only if you choose to sign in with Google)

We do not sell your personal data to any third party.

5. Data Storage and Security

Your data is stored in Supabase's cloud infrastructure in the United States with row-level security policies ensuring that you can only access your own data. All data is transmitted over HTTPS. We implement rate limiting, input validation, and security monitoring to protect against unauthorized access. While we take reasonable measures to protect your data, no system is 100% secure.

6. International Data Transfers

Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your data to the United States. We rely on standard contractual clauses and other appropriate safeguards for international data transfers where required by applicable law.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated personal data, workout logs, and saved workout metadata are permanently deleted from our active systems within 30 days. Backups may persist for up to 90 days before being purged. We may retain anonymized, aggregated data for analytics purposes. Data sent to third-party processors (OpenAI, Supabase) is subject to their respective retention policies.

8. Your Rights

You have the right to:

  • Access — view the personal data we hold about you through your account settings
  • Correction — update your profile information at any time
  • Deletion — delete your account and all associated data from account settings
  • Export — request a copy of your data by contacting us
  • Objection — object to certain data processing by contacting us

For Users in the European Economic Area (EEA)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is: (a) performance of a contract (providing the Service), (b) your consent (where applicable), and (c) our legitimate interests (improving the Service and preventing abuse). To exercise your GDPR rights, contact us at reelfitsupport@gmail.com.

For California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at reelfitsupport@gmail.com.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities within 72 hours as required by applicable law.

10. Cookies and Local Storage

We use essential cookies and local storage for authentication (session tokens) and basic preferences (e.g., install prompt dismissal). We do not use tracking cookies or third-party advertising cookies. Analytics, if enabled, use privacy-respecting tools that do not track individual users across websites.

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at reelfitsupport@gmail.com.