Rebuilt uses a small number of strictly necessary cookies and local storage items to keep the application working. We use no advertising cookies, no cross-site tracking, and no third-party analytics platforms.
Cookies are small text files that a website or application stores on your device when you visit or use it. They are widely used to make applications work, remember your preferences, and collect information about how the application is used.
Local storage is a similar browser-based mechanism that stores data on your device in a more persistent way than cookies. Rebuilt uses both cookies and local storage, as described below.
Under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025, cookies that collect or relate to personal data are treated as personal data processing and require an appropriate legal basis, typically your consent or strict necessity for the service to function.
| Name / Type | Category | Purpose | Duration |
|---|---|---|---|
HTTP cookie / localStorage |
Strictly necessary | Keeps you logged in to your Rebuilt account. Without this token, you would need to log in on every page load. Contains a cryptographically signed session identifier — no personal data is stored in the token itself. | Session or up to 30 days if you select "Stay logged in" |
localStorage only |
Functional | Stores your in-app UI preferences — dark mode setting, notification preferences, and dismissed onboarding steps. Stored on your device only. This data is never transmitted to Rebuilt's servers. | Persistent until you clear browser storage |
HTTP cookie |
Strictly necessary | CSRF protection token. Prevents cross-site request forgery attacks by verifying that form submissions and API requests originate from the authenticated Rebuilt session. Required for security. | Session (deleted when browser closes) |
First-party cookie |
First-party analytics | Anonymous session identifier used by Rebuilt's own first-party analytics to understand which features are used in aggregate. Does not contain your user ID, email, or any personally identifiable information. Not shared with any third party. Used to count sessions, not to track individuals. | 30 minutes (session-scoped, resets on inactivity) |
We want to be explicit about what Rebuilt does not do:
Rebuilt's first-party analytics collect anonymised session data: which screens are visited, which features are tapped, session duration, and general usage patterns. This data is aggregated and cannot be used to identify you as an individual.
Our analytics do not collect your name, email address, user ID, health data, FitCoin balance, workout or diet logs, precise location, or any other personally identifiable information. The analytics session cookie contains only an anonymous identifier that resets every 30 minutes.
We use this data to understand which features people use most, where users encounter difficulties, and how to improve the Application. We use it to build a better product — not to profile you or sell your behaviour to third parties.
Rebuilt uses browser local storage to save your in-app preferences (dark mode, notification settings, dismissed tooltips) on your device. This data:
Under the DPDP Act, 2023, the DPDP Rules, 2025, and the Information Technology Act, 2000:
These cookies are required for the Application to function. They are used on the basis of contractual necessity — without them, the service you have signed up for cannot be delivered. These cookies do not require separate consent.
These cookies are used on the basis of legitimate interests (improving your experience by remembering your preferences) and are strictly limited to non-sensitive preference data that never leaves your device.
This cookie is used on the basis of our legitimate interest in understanding how the Application is used in aggregate to improve it. The cookie contains no personal data and cannot identify you as an individual. You may opt out at any time as described in Section 7.
You have several options to control cookies and local storage on Rebuilt:
To disable the first-party analytics cookie:
To clear local storage (UI preferences only — does not affect your account):
To opt out of first-party analytics entirely, email privacy@rebuilt.in with subject line Analytics Opt-Out. We will flag your account to exclude it from session analytics within 5 business days.
Under the DPDP Act, 2023 and the DPDP Rules, 2025, to the extent any cookie on Rebuilt processes personal data, you have the right to:
For all cookie and privacy matters, contact: privacy@rebuilt.in
We may update this Cookie Policy from time to time, particularly if we add new features that require new cookies or local storage use. When we make material changes, we will update the "Last updated" date at the top of this page and, where the change affects a cookie that processes personal data, notify you by email to your registered address at least 14 days before the change takes effect.
The current version of this policy is always available at rebuilt.in/cookies.
This Cookie Policy is published in accordance with the requirements of the Digital Personal Data Protection Act, 2023, the DPDP Rules, 2025, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. It should be read together with Rebuilt's Privacy Policy at rebuilt.in/privacy and Terms and Conditions at rebuilt.in/terms.