RePlan Privacy Policy

Last updated: 2026-05-23

RePlan is built to help you stick to a fitness or weight goal. It runs almost entirely on your phone. This page explains exactly what data it touches, what leaves your device, and what doesn’t.

Plain English first; the technical and legal details follow.

TL;DR

Your Apple Health data never leaves your phone. Not sleep, not heart rate, not weight, not workouts. RePlan reads it locally and uses it locally.
Your meal photos are sent to our backend once for AI calorie estimation, then immediately discarded. They are not stored, not used for training, and not shared with anyone except the LLM provider that does the recognition.
Your event descriptions (the text you type for “Add event”) are sent to our backend once for AI parsing, then immediately discarded.
We do not track you. No analytics SDKs, no advertising IDs, no third-party trackers. Nothing fingerprints you across apps.
We do not sell or share your data with anyone for marketing, advertising, or research.
Profile, meals, plan, and history all live in your phone’s local storage. Uninstall the app = delete every byte we touched.

1. Data that stays on your device

The following data is read by RePlan, used by RePlan, and never sent anywhere:

From Apple Health (HealthKit)

Data	Why RePlan reads it
Sleep analysis	To estimate recovery and pace today’s workout intensity
Heart-rate variability (HRV)	Primary signal for your daily readiness score
Resting heart rate (RHR)	To spot fatigue trends across the week
Body mass (weight)	To track progress toward your goal and chart it on Progress
Active energy / workouts	To credit calories burned against your daily kcal budget

Apple requires that HealthKit data only be used for the purposes shown in the permission prompt. We comply: HealthKit data is read only on-device, only when the app is open, and only to compute the values shown on Today, Progress, and Plan. It is not written to any external service.

Stored on your device only

Your profile (name, age, sex, height, weight)
Your goals (target weight, timeline, preferences)
Your meal log (name, calories, macros, timestamps)
Generated plans and history
Upcoming events you’ve added

These live in iOS’s standard UserDefaults storage, inside the RePlan app sandbox. iOS encrypts the device at rest. They sync nowhere — not iCloud, not our servers, not any third party.

Uninstalling the app deletes all of the above.

2. Data that briefly leaves your device

RePlan sends two kinds of input to our backend for AI processing. Both are processed in memory and discarded — neither our servers nor the AI provider store them after the response.

Meal photo

When you tap “Log meal” and capture a photo:

The photo is resized to ~1280px and compressed.
It is sent to our backend over HTTPS along with an authentication token that proves the request came from a real installation of the RePlan app.
The backend forwards the photo to a large language model (LLM) provider (currently Anthropic via OpenRouter) for calorie/macro/weight estimation.
The model returns structured estimates (kcal, protein, carbs, fat, weight, ingredients).
The photo is then discarded from our backend’s memory. We do not log it, archive it, or retain it.
LLM providers we use have their own data-handling commitments — see Section 4.

Event description (free text)

When you type a description for “Add event”:

The text is sent over HTTPS to our backend with the same authentication token.
It is forwarded to the same LLM provider for structured parsing.
The model returns structured event fields (type, when, intensity, recovery impact, suggested plan adjustments).
The text is then discarded from our backend’s memory.

What we never send

We never send to any server:

HealthKit data of any kind
Your meal log history
Your profile, sessions, or generated plans
Anything else not explicitly mentioned above

3. Authentication and minimal account data

RePlan does not require an account. There is no sign-up. No email, password, or sign-in is collected.

The app talks to our backend using a built-in API token that is identical for every installation; we do not associate requests with individual users. We do not maintain a user database.

4. Third parties

We use the following third-party services, narrowly:

Cloudflare hosts our backend as a Workers function. Cloudflare may briefly process request metadata (IP address, headers) for the purpose of routing and DDoS protection, per their privacy policy. They do not see your HealthKit data because we never send it.

Anthropic / OpenRouter receive the meal photo or event text when you trigger AI processing, and only then. Their privacy and data-retention terms apply to those individual API requests. As of this writing, the providers we route through do not train models on API requests by default.

Apple HealthKit is governed by Apple’s Health Data Privacy Disclosure rules. HealthKit access is opt-in per data category in iOS Settings → Privacy & Security → Health.

We do not use Google Analytics, Facebook Pixel, Firebase, Mixpanel, Amplitude, Segment, or any other analytics or tracking SDK.

5. Children

RePlan is not directed to children under 13. We do not knowingly collect any data from anyone under 13. If you are a parent and believe your child has used RePlan, contact us and we’ll help.

6. Your rights

Because RePlan stores your data on your device:

Access: open the app. Everything we have about you is visible inside it.
Correction: edit your profile, meals, or plan directly in the app.
Deletion: uninstall RePlan, or use iOS Settings → General → iPhone Storage → RePlan → Delete App. This removes 100 % of the data we touched.
Portability: a future version will offer an export. If you need it sooner, contact us.

If you are an EU/UK resident covered by GDPR, the same rights apply by virtue of the local-only data model — there is no cloud profile to export, restrict, or delete.

If you are a California resident under the CCPA, we don’t sell or share personal information. We have no “do not sell” link because there is nothing to opt out of.

7. Security

All network requests use HTTPS (TLS 1.3 in practice).
The on-device API token does not authenticate you personally; it authenticates that the app is a real RePlan installation.
The backend runs on Cloudflare’s edge with their default DDoS protection.
We do not maintain a database of users, so there is nothing to breach.

If you discover a security issue, please email hello@replan.fit.

8. Changes to this policy

If we make a material change to how RePlan handles data, the in-app version will note it on next launch, and this page’s “Last updated” date will change. We will not retroactively reduce protections for data you’ve already given us.

9. Contact

Questions, requests, or concerns — email hello@replan.fit.

We typically respond within a few business days.