Website Privacy Policy

Applicable to the website repgain.app  ·  Last updated: June 2026

1. Data Controller

Mats Jan Biefang
Im Knäppen 60
45731 Waltrop
Germany
E-mail: support@repgain.app

This privacy policy applies exclusively to the website repgain.app. For the privacy practices of the RepGain iOS app, see the separate App Privacy Policy.

2. Data Processing on This Website

2.1 Hosting (Vercel)

This website is hosted via Vercel (Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA). When you access the website, your browser automatically transmits connection data to Vercel's servers:

  • IP address
  • Date and time of the request
  • URL accessed
  • Browser type and version
  • Operating system
  • HTTP status code and data volume transferred

This data is technically necessary for operating the website and is automatically deleted after a short period. It is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and error-free operation). For more information, see Vercel's Privacy Policy.

2.2 CDN and Security (Cloudflare)

We use the content delivery network (CDN) and security service provided by Cloudflare (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA). All traffic to this website is routed through Cloudflare's global network. Cloudflare processes connection data — in particular IP addresses and request metadata — to protect against DDoS attacks, optimise performance, and ensure the availability of the website.

Cloudflare sets technically necessary security cookies (e.g. __cf_bm for bot protection). These do not require consent as they serve the sole purpose of secure operation. The legal basis is Art. 6(1)(f) GDPR. Cloudflare has entered into a Data Processing Agreement including EU Standard Contractual Clauses (SCCs). For more information, see Cloudflare's Privacy Policy.

2.3 Google Fonts (consent-gated only)

To display fonts consistently, this website may load typefaces from Google Fonts (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). This causes your IP address to be transmitted to Google's servers in the USA.

Google Fonts are only loaded if you accept the cookie banner. If you decline, system fonts are used instead and no connection to Google is made. You can withdraw or change your consent at any time via the "Cookie preferences" link in the footer of this page. The legal basis is Art. 6(1)(a) GDPR (consent). For more information, see Google's Privacy Policy.

2.4 Contact by E-mail

If you contact us by e-mail, the data you provide (name, e-mail address, message) will be processed to handle your inquiry. The data will not be passed on to third parties without your consent and will be deleted once processing is complete, unless statutory retention obligations apply. The legal basis is Art. 6(1)(b) GDPR (contract initiation or performance) or Art. 6(1)(f) GDPR (legitimate interest in answering inquiries).

3. Cookies and Local Storage

Technically Necessary Cookies

Cloudflare sets short-lived security cookies (__cf_bm) that are required for DDoS protection and bot detection. These cookies are technically necessary and do not require consent.

Consent Storage

Your decision regarding Google Fonts (accept or decline) is stored in your browser's local storage under the key rg_consent. This is not a cookie, is not transmitted to us or any third party, and serves solely to ensure you are not asked again on your next visit. You can change this setting at any time via the "Cookie preferences" link in the footer, or delete it in your browser's developer tools.

No Tracking Cookies

This website uses no tracking cookies, analytics cookies, advertising cookies, or social media cookies.

4. Disclosure of Personal Data

We do not sell, rent, or exchange personal data. Data is only shared as part of the described data processing agreements (Vercel, Cloudflare, Google Fonts where consent is given) and to the extent required by law (e.g. regulatory information requests).

For the content of and purchases relating to the RepGain Pro subscription, Apple Inc. acts as the merchant — we do not receive any payment or personal identification data in that context.

5. Your Rights

With respect to personal data we process about you, you have the following rights:

  • Access (Art. 15 GDPR) — request a copy of the data we hold about you
  • Rectification (Art. 16 GDPR) — request correction of inaccurate data
  • Erasure (Art. 17 GDPR) — request deletion of your data
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR) — object to processing based on legitimate interests
  • Withdrawal of consent (Art. 7(3) GDPR) — withdraw consent at any time with effect for the future

To exercise your rights, contact: support@repgain.app. We respond within 30 days.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for our registered address in North Rhine-Westphalia, Germany:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf
Phone: +49 211 38424-0
www.ldi.nrw.de

7. Data Security

This website uses HTTPS encryption (TLS 1.2 or higher) throughout to secure data transmission. Hosting (Vercel) and CDN (Cloudflare) apply industry-standard security measures, including SOC 2 certification.

8. Changes to This Policy

We reserve the right to update this privacy policy as needed — for example, when changes are made to our technical infrastructure or legal requirements change. The current version is always available on this page. For material changes, we will update the date above. Current as of: June 2026.