Legal
Last updated: 24 May 2026
FitRepo(“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
FitRepo is operated as a personal fitness data vault service available at https://mydatafor.life. For data protection purposes, we are the data controller of the personal data you provide to us.
To contact us about privacy matters, email privacy@mydatafor.life.
We collect and process the following categories of personal data:
We do not collect payment data, biometric data beyond that contained in your fitness files, or any data from minors. FitRepo is not directed at users under 16.
We process your data under the following legal bases:
We do not sell your data, share it with advertisers, or use it for any purpose beyond providing and improving the FitRepo service.
Your fitness files are stored in Cloudflare R2 object storage (EU region). Account data and activity metadata are stored in Supabase (PostgreSQL) hosted in the EU (eu-west-1, Ireland). All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Third-party OAuth tokens are stored encrypted in our database. We apply row-level security policies to ensure users can only access their own data, and all service accounts operate on a least-privilege basis.
FitRepo is an independent service. We apply security best practices throughout but do not currently conduct formal third-party penetration testing. In the event of a security incident affecting your personal data we will notify you promptly by email and, where required, report to the ICO within 72 hours.
We retain your account data and fitness files for as long as your account is active. If you delete your account, all personal data (account, fitness files, connection tokens) will be permanently deleted within 30 days, except where retention is required by law.
Server logs are deleted after 30 days.
FitRepo integrates with the following third-party services at your request. Each has its own privacy policy:
We only transmit data to these services when you have explicitly connected them and enabled sync.
Under UK GDPR you have the following rights:
To exercise any right, email privacy@mydatafor.life. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.
FitRepo uses only essential session cookies required to keep you signed in. We do not use tracking, advertising, or analytics cookies.
We may update this policy as the service evolves. Material changes will be notified to you by email at least 14 days before taking effect. Continued use of FitRepo after that date constitutes acceptance of the updated policy.
© 2026 FitRepo. All rights reserved.