Privacy Policy

Ampersand Labs by Davide Morotti
Flüelastrasse 10, 8048 Zürich, Switzerland
Privacy contact: hello@repflow.ch

• Account data: email address, display name, and authentication identifiers.
• Profile & training data: body metrics (mass, height, body fat %, age, sex), training preferences, schedule, goals, injuries, equipment, and event goals you choose to provide.
• Usage data: workout sessions, exercise logs (sets, reps, weights, RPE, distance, duration), and timestamps.
• Technical data: IP address, browser type, device type, and access logs — kept short-term for security and abuse prevention.
• Cookies: see our cookie policy.

• To provide the core Service (account, logging, AI plan generation).
• To compute analytics that you see on your own dashboard.
• To prevent fraud, abuse, and to keep the Service secure.
• To comply with Swiss legal obligations.
• With your separate consent, to send product updates or marketing (you can opt out at any time).

We process your data on the basis of contract performance (providing the Service to you), our legitimate interests (security, abuse prevention, product improvement), legal obligation, and your consent where required.

When you generate a workout plan, we send the relevant subset of your profile and schedule data to an AI model provider acting as our processor. We do not transmit personally identifying information such as your email or full name as part of this request. The provider processes this data only to return a plan and is contractually prohibited from using it to train their models.

We do not sell your personal data. We share it only with vetted sub-processors that help us run the Service. All sub-processors are bound by data-processing agreements with confidentiality and security obligations. Our current sub-processors include:

• Paddle (Paddle.com Market Ltd) — our payment processor and Merchant of Record. Paddle handles checkout, billing, tax compliance, invoicing, subscription management, and refund processing for paid plans. See Paddle's privacy notice.
• Cloud hosting & database — for storing your account and training data and serving the Service.
• AI inference provider — to generate workout plans from the subset of profile data you submit (see Section 5).
• Email delivery provider — to send transactional and authentication emails.

Some sub-processors may process data outside Switzerland or the EU. When this happens, we rely on EU Standard Contractual Clauses (SCCs) and the Swiss FDPIC equivalents to ensure adequate protection.

Account and training data are retained for as long as your account exists. Technical logs are kept for a maximum of 90 days. After deletion of your account, we permanently erase your personal data within 30 days, except where law requires longer retention.

Under Swiss FADP you have the right to access, correct, delete, or restrict processing of your personal data, and to object or to receive your data in a portable format. To exercise any of these rights, email hello@repflow.ch. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

We use industry-standard measures (encryption in transit, encrypted backups, role-based access, principle of least privilege) to protect your data. No system is 100% secure; we will notify affected users of any breach involving high risk to their rights, as required by law.

We may update this policy from time to time. The "last updated" date at the top of this page reflects the latest revision. Material changes will be communicated via email or in-app notice.