Privacy Policy
1. Who We Are
Rekomp ("app", "we", "us") is a strength training tracker integrated with personal GLP-1 medication logging.
Rekomp is currently operated by Kayo Rodrigues de Lima, an individual, acting as data controller under the Brazilian General Data Protection Law (Lei nº 13.709/2018 — "LGPD") and applicable international privacy frameworks.
Mailing address: Curitiba, Paraná, Brazil.
Data Protection Officer (DPO) / Privacy contact: dpo@rekomp.com.br
If Rekomp is transferred to a legal entity in the future, this Policy will be updated to reflect the new controller, with prior notice to users through the app.
2. The Core Principle: Local Storage
Rekomp was designed with a local-first (offline-first) architecture. In concrete terms:
- The app has no account system. You do not create a login, email, or password.
- The app has no proprietary server that receives or stores your personal data.
- All data you enter is stored in a local database (SQLite) on your own device.
- The app does not sync your health, workout, or photo data to the cloud.
- If you uninstall the app or use "Erase all data," your data is permanently deleted from the device — we hold no copy.
As a practical consequence: we, the operators of Rekomp, do not have access to your workout logs, medication doses, symptoms, weight, or body photos. They never leave your device through the app.
3. Data Processed Locally on Your Device
The following data is entered by you and stays only on your device:
| Category | Examples | Where it lives |
|---|---|---|
| Basic identification | Name or nickname you type, body weight, protein goal | Local SQLite |
| Health data (sensitive) | GLP-1 medication, dose, injection date and time, injection sites, symptoms and severity, notes | Local SQLite |
| Workout | Routines, exercises, sets, reps, loads, RPE, session history | Local SQLite |
| Nutrition | Protein logs, meals, custom foods | Local SQLite |
| Body photos | Progress photos you optionally add | Private app folder on device |
4. Data We Collect for Technical Operation and Improvement
While your health data stays local, the app uses technical tools that process non-health data for stability and product improvement:
4.1 Usage Analytics (PostHog)
We use PostHog to understand how the app is used in aggregate (e.g., which screens are accessed, whether onboarding was completed, how often the app is opened). These events are designed to not contain sensitive health data — we do not log specific medication names, doses in mg, symptoms, or photo content as event properties.
4.2 Crash Reporting (Sentry)
We use Sentry to detect and fix app errors and crashes. When an error occurs, technical information is collected (error type, screen, device model, OS version) for diagnosis. We do not send your health data in these reports.
4.3 Push Notifications
The app schedules local notifications on your device (e.g., rest timer end between sets). For notifications to work, there may be technical processing of a notification identifier by the platform's notification service (Apple APNs or Google FCM).
4.4 App Stores (Apple and Google)
When you download or update Rekomp from the App Store or Google Play, Apple and Google collect data according to their own privacy policies, outside our control (e.g., download metrics and performance data). We recommend reviewing those platforms' policies.
4.5 Payments (future)
The app is currently free. In the future, a paid subscription plan may be offered. When that occurs, payment processing will be handled by Apple (App Store) and/or Google (Google Play) and/or a specialized intermediary (e.g., RevenueCat), subject to those companies' privacy policies. We do not collect or store credit card data. This Policy will be updated with relevant details before any billing is activated.
5. Third-Party Service Providers
The companies below act as processors or service providers, handling only the technical data described in Section 4:
| Service | Purpose | Policy |
|---|---|---|
| PostHog | Aggregated usage analytics | posthog.com/privacy |
| Sentry | Crash reporting | sentry.io/privacy |
| Apple | Distribution and (future) payments | apple.com/legal/privacy |
| Distribution and (future) payments | policies.google.com/privacy |
We do not sell, rent, or commercialize personal data. We do not share health data with insurers, employers, advertisers, or pharmaceutical companies.
6. Legal Basis for Processing
We process data based on the following legal grounds:
- Performance of service: data you enter locally is necessary for the app to function (logging workouts, medication, nutrition, progress).
- Legitimate interest: aggregated technical usage and crash data, to ensure stability and improve the product, always proportionally.
- Consent: for processing sensitive health data you enter and for usage analytics, upon your acceptance of this Policy and the privacy options available in app settings.
7. Your Rights
You have the following rights at any time:
- Access and portability: the app has a built-in function to export all your data as a JSON file, directly on the device.
- Correction: you can edit any record directly in the app.
- Deletion: the "Erase all data" function permanently removes your records and photos from the device. Uninstalling the app also deletes local data.
- Opt-out of analytics: you can disable usage analytics in app settings.
- Contact: for any other requests, contact dpo@rekomp.com.br.
Because we hold no server-side copy of your health data, the most direct way to exercise deletion and portability rights is through the app's own functions.
8. California Residents — CCPA / CPRA Notice
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: you may request information about what personal data we collect and how it is used. Given that health data stays on your device and we do not hold it, the technical data we process through PostHog and Sentry is limited to anonymized usage events and crash reports.
- Right to delete: you may request deletion of personal data we hold. Use the app's "Erase all data" function for local data. For analytics and crash data, contact dpo@rekomp.com.br.
- Right to opt out of sale: we do not sell personal data. This right is not applicable.
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.
To exercise CCPA rights, contact us at dpo@rekomp.com.br. We will respond within 45 days as required by law.
9. International Users
Rekomp is available internationally. The app is operated from Brazil, and this Policy is primarily governed by Brazilian law (LGPD). Users outside Brazil — including users in the United States and the European Union — are welcome to use the app. Because your health data never leaves your device, there is no international transfer of health data. The limited technical data processed by PostHog and Sentry is subject to those providers' own privacy policies and data transfer mechanisms.
10. Security
We adopt technical and organizational measures appropriate to the local nature of the app:
- Data stored in the app's protected sandbox within the device operating system.
- Technical communications (analytics and crashes) transmitted over encrypted connections (HTTPS).
- Data minimization: analytics events are designed to not contain sensitive health data.
No system is absolutely secure. Since data lives on your device, the physical and logical security of your device (screen lock, OS updates, not using a compromised device) also matters for protecting your information.
11. Data Retention and Deletion
Your data stays on the device as long as you keep the app installed and do not request deletion. There is no server-side retention because there is no server storing this data. Deletion is controlled by you through the app.
12. Children
Rekomp is not intended for users under 18 years of age. The app addresses prescription medication and strength training, topics that require adult supervision and professional guidance. We do not knowingly collect data from minors. If a minor has used the app, we recommend uninstalling and deleting data by a parent or legal guardian.
13. Educational Content — Not Medical Advice
14. Changes to This Policy
This Policy may be updated to reflect changes to the app, third parties, or applicable law. Relevant changes will be communicated through the app. The date of the last update and version number appear at the top of this document.
15. Contact
Questions, requests, or exercise of rights: dpo@rekomp.com.br