10 Reps
Privacy Policy
Last updated: June 2026

Privacy Policy

App “10 Reps”

Last updated: June 2026

Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Samuel Mamulaschwili

Nordstr. 37

74076 Heilbronn, Germany

Email: hello@10reps.app

General Information on Data Processing

We process personal data of our users exclusively in accordance with applicable law, in particular the General Data Protection Regulation (GDPR). Personal data means any information relating to an identified or identifiable natural person.

Data Processing When Using the App

a) Use without registration (local storage)

If the app is used without registration, training data (e.g. workouts, repetitions, weights, progress) is stored exclusively on the user’s device. No personal data is transmitted to our servers in this case.

b) Use with a user account

When using the app with a registered account, we process the following data:

This data is processed to provide the app’s features and to synchronise data across devices. The legal basis is Art. 6(1)(b) GDPR (performance of contract).

Use of Supabase

When a user account is created, data is processed via the service Supabase (provider: Supabase Inc.). Processing is carried out under a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. Data may be transferred to third countries; any such transfer is made exclusively on the basis of appropriate safeguards pursuant to Art. 46 GDPR (e.g. Standard Contractual Clauses issued by the European Commission).

Use of Anthropic (AI Coach)

The app includes an AI-powered coaching assistant (“AI Coach”) that generates personalised guidance and recommendations based on the user’s training data. To do so, we transmit relevant training data to the API of the provider Anthropic.

Provider: Anthropic, PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA

Purpose: Generation of personalised coaching content based on training history, progress data, and plan context.

The following data may be transmitted to the API:

No directly identifying data such as name or email address is transmitted to Anthropic. Processing is carried out exclusively for the purpose of the coaching feature.

Legal basis: Art. 6(1)(b) GDPR (performance of contract), as the AI Coach is part of the contracted service.

Transfer to third countries: Use of the Anthropic API involves a transfer of data to the United States. This is carried out on the basis of appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses). Anthropic does not use API inputs to train models by default. Further information: https://www.anthropic.com/legal/privacy

Use of Sentry (Error Tracking)

To detect and fix technical errors and improve app stability, we use the service Sentry.

Provider: Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA

Purpose: Automatic capture of app crashes, error logs, and performance metrics to allow reproduction and resolution of errors.

The following data may be processed:

Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in the technical stability and quality assurance of the app.

Retention period at Sentry: error events are retained for 90 days by default.

Transfer to third countries: Processing by Sentry may involve a transfer of data to the United States on the basis of appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses). Further information: https://sentry.io/privacy/

Use of PostHog (Product Analytics)

To improve app features and the user experience, we use the product analytics tool PostHog. We use exclusively the PostHog EU Cloud instance, which operates on servers within the European Union (AWS eu-central-1, Frankfurt, Germany).

Provider: PostHog Inc., 965 Mission Street, San Francisco, CA 94103, USA (data processed exclusively on EU servers)

Purpose: Analysis of app usage, measurement of feature adoption, and improvement of product quality based on aggregated and pseudonymised usage data.

The following data may be processed:

All data is collected in pseudonymised form. Direct identification of individual persons is not intended. No training content or health data is transmitted to PostHog.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in improving and developing the app based on usage patterns. Users may object to the processing of their data for analytics purposes at any time by contacting us at hello@10reps.app.

As PostHog in its EU Cloud configuration operates exclusively on European servers, no personal data is transferred to third countries. Further information: https://posthog.com/privacy

Use of RevenueCat (In-App Purchases)

We use the service RevenueCat to manage in-app purchases and subscriptions.

Provider: RevenueCat, Inc., 633 Tasman Street, San Jose, CA 95126, USA

Purpose: Processing and management of in-app purchases, subscriptions, and entitlements (access rights to premium features).

The following data may be processed:

RevenueCat does not receive payment data such as credit card numbers or full Apple purchase receipts. This information remains exclusively with Apple. No real names or email addresses are transmitted to RevenueCat.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Transfer to third countries: Processing by RevenueCat involves a transfer of data to the United States on the basis of appropriate safeguards pursuant to Art. 46 GDPR (Standard Contractual Clauses). Further information: https://www.revenuecat.com/privacy

Processing of Training and Health Data

The app processes training data (e.g. weights, repetitions, training progress). This data may allow inferences about an individual’s physical condition and is used exclusively to provide the training features. The legal basis is Art. 6(1)(b) GDPR. Where health data within the meaning of Art. 9 GDPR is involved, processing takes place exclusively on the basis of the user’s explicit consent pursuant to Art. 9(2)(a) GDPR.

Apple Health / HealthKit

Where the user expressly consents to integration with Apple Health (HealthKit), the following data accesses are made:

Write access: Workout sessions are written to Apple Health so they appear in the user’s Health app.

Read access: The app reads active energy data (active calories burned) from Apple Health to incorporate this into training evaluations.

Processing is carried out exclusively on the basis of the user’s consent pursuant to Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR.

Push Notifications

The app may send push notifications (e.g. workout reminders or usage prompts). Push notifications are only sent if the user has explicitly opted in. A push token (device identifier) may be processed to deliver messages to the respective device.

Legal basis: Art. 6(1)(a) GDPR (consent). The user may withdraw consent at any time by disabling push notifications in the device settings or within the app.

Legal Bases for Processing

We process personal data on the following legal bases:

Retention Periods

We retain personal data only for as long as necessary for the respective purposes. Upon deletion of a user account, personal data will be deleted unless statutory retention obligations apply.

The following retention periods apply to third-party services:

Rights of Data Subjects

Users have the following rights:

To exercise these rights, please contact us at hello@10reps.app.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, every user has the right to lodge a complaint with a data protection supervisory authority if they consider that the processing of their personal data infringes the GDPR (Art. 77 GDPR).

The competent supervisory authority is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)

Königstraße 10a

70173 Stuttgart, Germany

Website: https://www.baden-wuerttemberg.datenschutz.de

Email: poststelle@lfdi.bwl.de

Withdrawal of Consent

Any consent granted may be withdrawn at any time with effect for the future. This applies in particular to consent for Apple Health / HealthKit integration and for receiving push notifications. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Data Security

We implement appropriate technical and organisational measures to protect users’ data against loss, misuse, or unauthorised access. All communication between the app and our servers is encrypted via HTTPS.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in applicable law or changes to the app. Users will be informed of material changes.

Last updated: June 2026 · 10 Reps · iOS App