Security & Trust

Your client data is sensitive. We treat it that way. Encryption, compliance, and infrastructure security built into every layer.

Encryption in Transit

All data moving between your device and RepCraft servers travels over HTTPS with TLS 1.2+. No exceptions.

Encryption at Rest

Client profiles, program drafts, and all stored data are encrypted at rest using AES-256. Keys are managed separately from data.

Trust Standards

Built on proven standards.

GDPR Compliant

We respect user data rights: access, portability, deletion, and consent. Our privacy practices align with GDPR, even outside the EU.

SOC 2 Type II Ready

Security controls, monitoring, and audit trails meet SOC 2 Type II standards. Regular third-party audits confirm compliance.

Your Data

You own your client data.

What we collect

Client profiles include goals, experience level, equipment, and injury notes — the information you provide to build a program. We never ask for names, emails, or personal identifiers unrelated to training.

How we use it

Your data powers the draft: RepCraft uses the profile to generate a program tailored to that client. We do not use your data to train models, share it with third parties, or sell it. Period.

How long we keep it

Drafts and profiles stay in your account as long as your account is active. You can export or delete any client record at any time. Deletion is permanent.

Backups

We maintain encrypted backups for disaster recovery. Backups are stored separately from primary systems and follow the same encryption and access controls.

How We Build It

Infrastructure built for resilience.

DDoS Protection

Global CDN with built-in DDoS mitigation. Requests route through threat detection before reaching our servers.

Access Control

Least-privilege principle: teams only access the data they need. API tokens rotate regularly. Admin actions are logged.

Audit Logging

All system access and data operations are logged with timestamps and user identity. Logs are retained for compliance review.

Questions

Security questions, answered.

Is my client data ever shared?

No. Client profiles and programs are stored exclusively in your RepCraft account. We don't share data with third parties, use it to train models, or sell it. The only exception is if required by law, in which case we notify you unless legally prohibited.

Can I export my client data?

Yes. You can export any client profile or program draft as a structured file at any time. This keeps you in control — your data is never locked in.

What if RepCraft shuts down?

We'll give you reasonable notice to export your data. We're also building export-first: all client records and drafts are designed to be portable, so you're never stranded.

Do you use my data to train AI models?

No. Client profiles and programs are never used to train or improve our AI. Your data stays your data. The RepCraft AI model is pre-trained and frozen — it doesn't learn from your use.

What about password security?

Passwords are hashed with modern algorithms and never stored in plain text. We support strong password practices and optional two-factor authentication. We also never store API keys or tokens unencrypted.

Do you have a responsible disclosure policy?

Yes. If you discover a security vulnerability, email us at [email protected]. We take responsible disclosure seriously and respond promptly to credible reports.

Ready to coach with confidence.

Your client data is protected. Start drafting programs today.