Reysa

Privacy Policy

Last updated: June 11, 2026

TikkiLabs AB ("we," "us") runs Reysa, a strength-and-cardio fitness app, along with our website and future web dashboard (together, the "Services"). We are the data controller for your personal data.

Because the app tracks your training, we process health and fitness data, which EU law treats as sensitive and protects more strongly.

Contact: contact@tikkilabs.com · TikkiLabs AB, Carlsgatan 12A, 211 20 Malmö, Sweden

What we collect

Account: email address and a hashed password
Sign in with Apple — if you use it, Apple shares your email address with us (this may be Apple's private relay address if you choose to hide your email)
Workout & fitness data you enter: exercises, sets, reps, weights, durations, cardio sessions, body measurements, notes
Apple Health data — only if you turn the integration on (see below)
Location — only when you use a feature that needs it (e.g. mapping a cardio route)
Automatic data: device and usage info, IP address, and crash/diagnostic logs
Subscription status from Apple — we never see or store your card number

Our website and web dashboard use only the cookies needed for core functions such as keeping you signed in and keeping the service secure; we ask for consent before setting any non-essential cookies.

Why we use it, and our legal basis

Run your account and provide the app — to perform our contract with you
Store and process your workout and health data — your explicit consent (sensitive data)
Fix bugs, keep the Services secure, and improve them — our legitimate interests
Send optional emails or push notifications — your consent (opt out anytime)
Meet legal obligations — legal requirement

You can withdraw consent at any time (for example, by disabling Health or location access, or by contacting us). This may turn off some features.

Apple Health

If you connect Apple Health, we commit to: using that data only to provide your fitness features; never using it for advertising, marketing, or data-mining; never selling it; never sharing it without your explicit consent; and never storing it in iCloud. You can revoke access anytime in your device's Health settings.

Who we share with

We do not sell your data. We share it only with service providers that help us run the Services — Apple (subscription payments), cloud hosting providers that store your account and workout data, and a subscription-management provider that receives a pseudonymous user ID and your purchase status — and with authorities where the law requires. We have data-processing agreements with our providers. Where a provider processes data outside the EEA, we rely on safeguards such as the EU Standard Contractual Clauses.

Keeping and deleting your data

We keep your data while your account is active. You can delete your account at any time from the app's settings; we then delete your data, apart from limited records we must keep by law. You can export your workouts to CSV from within the app.

Security

We use encryption in transit and at rest, access controls, and hashed passwords. No system is perfectly secure, but we work to protect your data and will notify you and the regulator of a breach where the law requires.

Your rights

If you're in the EEA/UK, you can access, correct, delete, restrict, object to, or port your data, and withdraw consent — just contact contact@tikkilabs.com. You can also complain to Sweden's privacy authority, IMY (imy.se). US residents have similar rights and can contact us; we don't sell data or use health data for advertising.

Children

Reysa is not for children under 13, and we don't knowingly collect their data.

Changes

We'll update the date above and give clear notice of any material changes.