Privacy Policy

Introduction

Replic Limited ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the Replic mobile application (the "App") and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

We collect the following categories of personal information:

1.1 Information You Provide

• Account Information: Name, email address, and authentication credentials when you create an account via Apple Sign-In or Google Sign-In.
• Profile Information: Optional details you choose to add to your profile, such as preferences, goals, or routine selections.
• User-Generated Content: Any comments, feedback, routine logs, or other content you submit through the App.
• Communication Data: Messages you send to our support team, including email correspondence.

1.2 Automatically Collected Information

• Device Information: Device type, operating system, unique device identifiers, IP address, mobile network information.
• Usage Data: App features accessed, routines viewed or completed, session duration, interaction patterns, and in-app navigation.
• Analytics Data: Aggregated and anonymized data about how users interact with the App, collected via Firebase Analytics.
• Crash and Performance Data: Error logs, crash reports, and performance metrics to diagnose issues and improve stability.

1.3 Subscription and Payment Data

• Transaction Information: Subscription tier, purchase receipts, renewal dates, and payment status. Note: We do not directly collect or store your payment card details; these are securely handled by Apple via the App Store.
• RevenueCat Data: We use RevenueCat to manage subscriptions and validate receipts. RevenueCat collects user IDs, subscription status, and transaction data on our behalf.

2. How We Collect Your Information

We collect information through the following methods:

• Direct Input: When you create an account, update your profile, or interact with the App.
• Automated Technologies: Via cookies, SDKs, and similar tracking technologies embedded in the App (e.g., Firebase, RevenueCat).
• Third-Party Authentication: When you sign in using Apple Sign-In or Google Sign-In, we receive limited profile data (name, email) from those providers.
• Customer Support: When you contact us via email or in-app support channels.

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Provide and Maintain the Service

• Create and manage your account
• Deliver access to routines, profiles, and coaching content
• Process and manage subscriptions, including renewals and cancellations
• Authenticate your identity and secure your account

3.2 Personalization and AI Features

• Customize your experience based on preferences and usage patterns
• Deliver AI-powered reminders and recommendations
• Suggest routines and profiles tailored to your goals

3.3 Communication

• Send transactional emails (e.g., account confirmation, subscription updates)
• Respond to your support requests and inquiries
• Notify you of changes to our Terms or Privacy Policy
• Send promotional messages (with your consent, where required)

3.4 Analytics and Improvement

• Analyze usage trends and app performance
• Identify and fix bugs, crashes, and technical issues
• Conduct A/B testing and optimize features
• Develop new features and enhance user experience

3.5 Legal and Security

• Comply with legal obligations and respond to lawful requests
• Prevent fraud, abuse, and unauthorized access
• Enforce our Terms of Service
• Protect the rights, safety, and security of Replic, our users, and the public

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent (e.g., for marketing communications or optional data collection).
• Contractual Necessity: Processing is necessary to fulfill our contract with you (e.g., providing the Service, managing subscriptions).
• Legitimate Interests: We have a legitimate interest in improving the Service, ensuring security, and conducting analytics, provided your rights do not override these interests.
• Legal Obligation: We must process your data to comply with applicable laws (e.g., tax reporting, responding to legal requests).

5. How We Share Your Information

We do not sell your personal data. We may share your information with the following third parties:

5.1 Service Providers

• RevenueCat: Manages subscription logic, validates receipts, and tracks subscription status.
• Firebase (Google): Provides authentication, real-time database, cloud storage, analytics, and crash reporting.
• Apple: Processes payments and manages App Store subscriptions. Apple may share limited transaction data with us.
• Google Sign-In / Apple Sign-In: Facilitates third-party authentication.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if necessary to:

• Comply with legal processes or enforce our Terms
• Protect the rights, property, or safety of Replic, our users, or others
• Investigate fraud, security incidents, or violations

5.3 Business Transfers

If Replic is involved in a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred to the successor entity. We will notify you of any such change.

5.4 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified data (which cannot reasonably identify you) with third parties for analytics, research, or marketing purposes.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: We retain your data while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
• Deleted Accounts: If you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law (e.g., financial records, compliance obligations).
• Backup Data: Deleted data may persist in backup systems for up to 90 days.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Access and Portability

You have the right to request a copy of the personal data we hold about you in a structured, commonly used, and machine-readable format.

7.2 Correction

You may request that we correct inaccurate or incomplete personal data. You can also update your profile information directly within the App.

7.3 Deletion (Right to be Forgotten)

You may request that we delete your personal data, subject to certain exceptions (e.g., legal obligations, pending transactions, or security purposes).

7.4 Restriction and Objection

You may request that we restrict or stop processing your data in certain circumstances, such as when you contest its accuracy or object to processing based on legitimate interests.

7.5 Withdraw Consent

If we process your data based on consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

7.6 Opt-Out of Marketing

You may opt out of promotional emails by clicking "Unsubscribe" in any marketing message or contacting us directly.

7.7 Lodge a Complaint

If you believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority (e.g., the UK Information Commissioner's Office or your relevant EU supervisory authority).

To exercise any of these rights, contact us at replicappinfo@gmail.com.We will respond within 30 days (or as required by applicable law).

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are under 13, do not use the Service or provide any personal information.

If we discover that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at replicappinfo@gmail.com.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication protocols (OAuth 2.0, Apple Sign-In)
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions for internal systems
• Secure cloud infrastructure provided by Firebase and RevenueCat

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our third-party service providers (Firebase, RevenueCat) operate.

When we transfer data internationally, we ensure adequate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with third-party providers
• Compliance with applicable data protection frameworks (e.g., EU-US Data Privacy Framework)

By using the Service, you consent to the transfer of your data as described in this section.

11. Cookies and Tracking Technologies

The App uses cookies, SDKs, and similar technologies to collect usage data and improve functionality. These include:

• Essential Technologies: Required for authentication, security, and core functionality.
• Analytics Technologies: Firebase Analytics tracks usage patterns and app performance.
• Advertising and Marketing: We do not currently use advertising trackers, but may in the future with notice.

You can manage tracking preferences through your device settings (e.g., iOS "Limit Ad Tracking"). Note that disabling certain technologies may limit functionality.

12. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Do Not Track Signals

We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry standard for how to handle them. We will update this policy if standards are established.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Request details about the personal data we collect, use, and share.
• Right to Delete: Request deletion of your personal data (subject to exceptions).
• Right to Opt-Out of Sale: We do not sell your personal data.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at replicappinfo@gmail.com. We will verify your identity before processing requests.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email or in-app notification
• Request your consent where required by law

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: