Legal

Privacy Policy

Effective date: March 2026
Version: 1.1
Applies to: SendRepeat app & sendrepeat.app

Section 1

Plain English Summary

We collect the minimum data needed to run SendRepeat. We don't sell your data. Your climbing data is yours — delete your account and it goes with it.

If you connect a coach, they can see what you choose to share. You can revoke that access at any time, and their view is removed immediately.

If you contribute route or location data to the shared database, that contribution may become permanent after a short window — see Section 4 for details.

The rest of this policy explains the specifics in full. If something isn't clear, email us at privacy@sendrepeat.app.

This document is the complete privacy policy for SendRepeat ("we", "us", "our"), operated by Tobias Fierz, an individual developer based in Switzerland. It covers the SendRepeat Android application and the sendrepeat.app website.


Section 2

Data We Collect

Account data

When you create an account, we collect your email address and display name. Authentication is handled by Auth0, which manages your credentials and issues secure session tokens. We store only the Auth0 user identifier on our servers — we do not store your password.

Climber profile

You may optionally provide profile information including your height, weight, and climbing grades (redpoint and onsight grades across disciplines). This information is voluntary and can be left blank or removed at any time. It is used solely to contextualise your training data and is never shared with third parties.

Activity data

The core of the service. When you log activity, we store:

  • Climbing sessions — date, duration, discipline, location, notes
  • Ascents — route name, grade, grade system, style (flash, redpoint, attempt, etc.), notes
  • Training sessions — session type, planned vs actual, exercises and sets if using a training plan
  • Planned sessions — coach-assigned or self-assigned scheduled sessions and their completion status
  • Goals — goal type, target grade, target date, progress notes
  • Photos — if you attach photos to ascents, they are stored on our servers

Location data

Location can be entered as free text (e.g. "Fontainebleau", "The Climbing Hangar"). If you grant the app permission to access your device's location, we may also collect precise GPS coordinates to record where a crag is situated. This permission is optional — you can use the app without it. You can review and manage location permissions at any time through your device settings.

Coach relationship data

If you connect with a coach on the platform, we store the relationship record (coach identifier, athlete identifier, connection date). This controls what data your coach can access via their dashboard. Disconnecting a coach removes their access immediately.

Usage and server logs

Our servers generate standard access logs including IP addresses, request timestamps, HTTP status codes, and user agent strings. These are used for debugging, security monitoring, and capacity planning. They are retained for 90 days and then deleted automatically.

Data we do NOT collect

  • Payment information — there is no paid tier at this time
  • Device contacts, call logs, or messages
  • Data from third-party fitness apps or wearables
  • Advertising identifiers or tracking cookies (at this time — see Section 3)

Section 3

How We Use It

We use the data we collect for the following purposes:

  • Providing the service. Storing and displaying your climbing history, sessions, goals, and training plans — the core function of the app.
  • Enabling coaching relationships. When you connect a coach, we make your permitted data visible to them within their dashboard so they can inform your training.
  • Transactional communications. Account-related emails (password reset, important policy changes). We do not send marketing email.
  • Improving the product. Aggregate, anonymised usage patterns (e.g. which features are used, common error types) help us prioritise development. This analysis does not involve tracking individual users.
  • Security and abuse prevention. Server logs and anomaly detection help us identify and respond to unauthorised access attempts.
  • Advertising. We do not currently show advertising. We may introduce advertising in future. If we do, we will update this policy and notify you in advance in accordance with Section 8.

We will never sell your data to third parties.


Section 4

Data Sharing

With coaches (consent-based)

If you connect a coach via the platform, your activity data, training plan compliance, and profile information become visible to that coach within their dashboard. This connection is initiated by you and is revocable at any time. Revocation takes effect immediately — your coach loses access the moment you disconnect.

Coaches cannot share your data with other parties through the platform, and we do not grant coaches any data rights beyond read access to their connected athletes' data.

Contributed route and location data

SendRepeat uses route data from OpenBeta, an open-source climbing route database. When you contribute public route information — such as GPS coordinates for a crag, route details, or photos tagged to a route — that data is synced back to OpenBeta in the background. This is intentional: contributions from SendRepeat users help improve the shared database for the entire climbing community. OpenBeta data is not fetched on your behalf in real time; the exchange happens server-side and does not involve direct requests from your device to OpenBeta.

You will be prompted before any content is published publicly. Within 30 days of contribution, you may request removal of your contributed data by contacting privacy@sendrepeat.app. After this window, contributed data is considered a permanent contribution to the OpenBeta database and cannot be individually retracted, as other users and systems may have come to rely on it. Your personal association with the contribution (your user account) remains deletable at any time as described in Section 5.

Service providers

We use a small number of third-party services to operate SendRepeat. Each has its own privacy practices, which govern how it handles data. We encourage you to review their policies directly:

Provider | Purpose | Privacy policy
Auth0 | Authentication & identity management | okta.com/privacy-policy
Render | Cloud hosting & database infrastructure | render.com/privacy
OpenBeta | Open-source route database — we read route data from OpenBeta and sync public contributions back to it server-side | openbeta.io

Legal requirements

We may disclose data if required by a valid court order or applicable law. We will notify affected users when legally permitted to do so, and we will contest requests we believe to be legally invalid or overly broad.


Section 5

Retention & Deletion

We retain your data for as long as your account is active. If you delete your account, we remove all personal data — including your profile, activity history, ascents, sessions, goals, photos, and coach relationship records — within 30 days of the deletion request. Backups containing your data are purged on their normal rotation cycle, which completes within 90 days.

Server access logs are retained for 90 days and then deleted automatically, regardless of account status.

If you disconnect a coach, their access to your data is revoked immediately. The coach sees no record that a relationship existed.

Note that deleting your account removes your personal association with any publicly contributed route or location data, but the contributed data itself may be retained as described in Section 4.

To request deletion of your account, use the in-app delete function or contact privacy@sendrepeat.app. We will confirm deletion within 5 business days of receiving your request.


Section 6

Your Rights

You have the following rights with respect to your personal data:

  • Access. You can request a copy of all personal data we hold about you.
  • Correction. You can update your profile and account information at any time within the app. For data not editable in-app, contact us and we will correct it promptly.
  • Deletion. You can delete your account and all associated data at any time, as described in Section 5.
  • Portability. You can request an export of your climbing data in a machine-readable format (JSON). We aim to fulfil portability requests within 14 days.
  • Objection. You can object to specific processing of your data. Where we rely on legitimate interests as a legal basis, we will cease that processing unless we can demonstrate compelling grounds that override your interests.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, UK GDPR, or nDSG respectively. These include the right to lodge a complaint with your local data protection authority. We are committed to resolving any concerns directly — please contact us first at privacy@sendrepeat.app.


Section 7

Security

We take reasonable and appropriate technical measures to protect your data:

  • All data in transit is encrypted using HTTPS (TLS 1.2 or higher)
  • Authentication credentials are managed entirely by Auth0 — we never handle or store passwords, and Auth0 encrypts authentication data at rest
  • API access is controlled via short-lived JWT tokens; tokens are not logged
  • Access to production systems is restricted to the developer account with multi-factor authentication enabled

No system connected to the internet is perfectly secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law.

If you discover a security vulnerability, please report it responsibly to security@sendrepeat.app.


Section 8

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or our practices. For material changes — those that meaningfully affect how we collect or use your data — we will provide at least 14 days' notice before the change takes effect, by emailing registered users and posting a prominent notice in the app.

Non-material changes (such as clarifications or corrections) may be made without prior notice. The effective date at the top of this document will always reflect when the current version was last updated.

Continued use of SendRepeat after the effective date of any change constitutes acceptance of the updated policy.


Section 9

Contact

For any privacy-related questions, data requests, or concerns, please contact us. We aim to respond to all enquiries within 5 business days.

Privacy enquiries & data requests: privacy@sendrepeat.app

General enquiries: hello@sendrepeat.app

Security disclosures: security@sendrepeat.app

Operator: Tobias Fierz, Switzerland
