This Privacy Policy explains how PREPT, Inc. ("PRPT", "we", "us") collects, uses, stores, and shares information when you use the PRPT website at prpt.fit and any PRPT-branded mobile applications (together, the "Service"). PRPT is an AI-driven coaching tool for CrossFit athletes and gym owners. We try to keep this short and concrete — if anything is unclear, email r.xu@me.com.
1. Information We Collect
1.1 Information you give us directly
- Account information: your name, email address, and (if you set one) a session token stored in your browser's local storage to keep you signed in.
- Profile information: gym affiliation, optional bodyweight and height, your stated training goals, and personal records (1-rep maxes, benchmark times) that you enter or confirm during onboarding.
- Workout logs you self-report: scores, scaling choices, freeform notes, and any feedback you submit on coaching output.
- Push notification tokens: if you grant your device permission to receive push notifications from PRPT, we store the Apple Push Notification service (APNs) or browser push token so we can deliver coaching nudges.
1.2 Information collected on your behalf from your gym software
With your explicit consent during onboarding, PRPT logs into your CrossFit gym's Wodify (or equivalent) account on your behalf and reads the leaderboard pages for the classes you attended. From those pages we capture: the workout description posted by your gym, your recorded score for that workout, the scaling track you used, and the scores of other athletes in your class for comparison and pacing math. We store this in our database alongside your account.
You can revoke this consent at any time by emailing r.xu@me.com with the subject line "Stop scraping". Within five business days we will disable the data pull for your account and delete the credentials.
1.3 Information collected automatically
- Standard server logs: when your device contacts our servers we record the request method, path, status code, user agent, timestamp, and IP address. These logs are retained for thirty days for security and debugging purposes and are not used to build a marketing profile.
- Local browser storage: we store small amounts of data in your browser's
localStorage(session token, UI preferences, filter selections). This data does not leave your device unless you explicitly take an action that sends it to our server.
2. How We Use Your Information
- Coaching output: we use your training history to generate today's target ranges, pacing guidance, suggested scaling, and post-workout review. The math is your data combined with statistical models we have built; we do not train any third-party model on your data.
- Comparison and ranking: scores from athletes in your class are used to compute your percentile within that class on a given workout. Comparisons are limited to athletes who train at the same gym as you, in the same class block.
- Service operation: authenticating sign-ins, sending push notifications you have opted into, debugging issues you report, preventing abuse.
- Product communication: we may email you about meaningful product changes or account issues. We do not send marketing emails.
3. Service Providers (Third Parties)
PRPT keeps the list of outside companies that touch your data deliberately small. Each is bound by their own data-handling commitments; we do not authorize any of them to repurpose your data.
- Render (Oakland, CA) — hosts the PRPT web service and runs the scheduled jobs that fetch leaderboard data.
- PostgreSQL on Render — the database where your account, workouts, scores, and parsed workout structure are stored.
- DeepSeek — large-language-model provider used to parse free-form workout descriptions into structured data (movements, rep schemes, time caps). We send the workout description and minimal context; we do not send your name, email, or personally identifying information.
- Google Gemini — vision model used to read images you upload (for example, a photo of a whiteboard workout). We send the image and a parsing instruction; we do not send your account identifiers.
- Apple Push Notification service (APNs) and equivalent web-push services — deliver push notifications to your device, if you have opted in.
PRPT does not use Google Analytics, Facebook Pixel, third-party advertising networks, attribution SDKs, or session-replay tools. There is no PRPT data sold or licensed to data brokers.
4. Your Rights and Controls
- Access: email r.xu@me.com to receive a copy of the data we hold about you. We will respond within thirty days.
- Deletion: email the same address with the subject line "Delete my data". We will delete your account record, profile, self-reported logs, and disable scraping within five business days. Aggregated, de-identified statistics (for example, anonymous distribution of times on a benchmark workout) may persist in cached statistical fits.
- Correction: you can edit your profile fields in-app, and you can submit corrections to parsed workout structure via the "Report this" controls inside the app. These corrections feed back into our parser as examples.
- Opt out of scraping: email the address above with "Stop scraping" as described in §1.2. After that point, your in-app coaching will be limited to whatever you self-log.
- Opt out of push notifications: turn them off in your device's Settings app or revoke the permission from inside PRPT.
5. Data Retention
- Workout history: kept indefinitely while your account is active because long-term history is what makes the coaching useful. Deleted on request per §4.
- Authentication sessions: thirty days from your last sign-in, then expired.
- Cached parsed workouts: time-to-live of approximately 180 days, after which the parse is regenerated on next access.
- Server logs: thirty days.
- Backups: PRPT's database provider keeps point-in-time backups for seven days for disaster recovery; deletion requests propagate to backups within that window.
6. Security
All traffic between your device and PRPT travels over HTTPS. Passwords and gym-software credentials are stored encrypted at rest. Our database is hosted in a managed environment with network-level isolation. We do not claim to be impenetrable — no Internet service is — but we treat the small surface area of PRPT as a feature, and we limit who on our team can read account data to those who need it for support.
If we ever discover a security breach that affects your account, we will notify you by email within seventy-two hours of confirmation.
7. Children's Privacy
PRPT is not directed at children under thirteen years of age, and we do not knowingly collect information from anyone under thirteen. If you believe a child under thirteen has provided us information, contact r.xu@me.com and we will delete the account.
8. Residents of the European Union and California
If you are in the European Union or the United Kingdom, you have the rights described in the General Data Protection Regulation (GDPR), including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object. The legal basis for our processing is the contract you enter when you create an account and your consent for scraping.
If you are a California resident, you have the rights described in the California Consumer Privacy Act (CCPA), including the right to know what we have collected, the right to delete, and the right to opt out of any sale of personal information. We do not sell personal information.
For either set of requests, email r.xu@me.com.
9. Future Features and Optional Integrations
We are working on optional integrations with Apple HealthKit and WHOOP to read heart-rate data for pacing recommendations. As of the effective date of this policy, those integrations are not yet active in production. When they ship, we will update this policy, and we will request explicit opt-in permission inside the app and through your device's permission prompts before any heart-rate data is read. We will not enable any new data source without your action.
10. Changes to This Policy
If we update this policy, we will change the version number and effective date at the top of this page. Material changes will be announced in the app or by email. Continued use of PRPT after the effective date of the updated policy constitutes acceptance of it.