rebel Privacy Policy

Fitness Asia Pte. Ltd. (“REBEL”), Rebel Fitness Pte. Ltd. and their subsidiaries and affiliates (collectively referred to as "REBEL", "we", "us", or "our") are committed to managing personal information in accordance with Singapore’s Personal Data Protection Act (PDPA) and in compliance with other applicable data protection laws globally (including, where applicable, the EU General Data Protection Regulation (GDPR)). This Privacy Policy sets out how we collect, use, disclose, and protect your personal information. In this Privacy Policy, "you" refers to any individual about whom we collect personal information.

About REBEL

REBEL is an online wellbeing, and mental health and physical health platform. We offer a range of services, including online wellbeing content, mental health counselling, and corporate Employee Wellbeing services, including Employee Assistance Program (EAP) services, one-on-one counseling and more. This Privacy Policy applies to all users of our services, including members of our platform, participants in our wellness and nutrition programs, users of our mental health and counselling services (including EAP participants), visitors to our websites, and others who interact with us.

Information We Collect

We collect personal information about you when you interact with us or use our services. The type of information we collect depends on who you are and which services you use. Below we explain the categories of personal data we collect and process:

Members and Users of our Wellness Services

When you enquire about our services or become a member of REBEL, we create a record that includes personal information about you. The information we collect will vary based on the service you request and your interactions with us, but it typically includes:

  • Identification and Contact Details: e.g., your name, age, and contact information.
  • Account Credentials and Interactions: your login details (username/email) and password for our app or website, as well as information about your interactions with our platform (such as preferences or usage history).
  • Service and Transaction Information: details of the products and services you have subscribed to or purchased (e.g., membership tier, programs enrolled) or that you have enquired about, along with any additional information needed to deliver those services and respond to your inquiries.
  • Feedback and Survey Responses: information you provide through voluntary feedback forms, surveys, or community forums.
  • Fitness and Nutrition Data: any fitness statistics, workout history, or nutrition information you provide to us (for example, your weight, dietary preferences, or exercise habits).
  • Any Other Information You Provide: any additional personal data that you provide to us (or authorize us to collect) during your interactions or membership with REBEL. This could include images or media if, for example, you participate in events or challenges.

We collect this information directly from you (such as through sign-up forms, your profile inputs, or communications with us). You can choose not to provide certain information, but doing so may limit our ability to offer you some of our services.

Mental Health and Counselling Services (Including EAP Participants)

If you engage in our mental health or counselling services – for example, by using our in-app counselling features or participating in an Employee Assistance Program provided by REBEL – we will collect additional sensitive personal data related to your mental and emotional well-being. This may include:

  • Intake and Assessment Information: responses you provide on mental health questionnaires, assessments, or surveys (e.g., stress or mood evaluations).
  • Counselling Session Information: details you share during counselling sessions or coaching (such as issues, symptoms, or goals you discuss with our counsellors or coaches).
  • Service Usage Details: appointment histories, treatment or support plans, progress notes, or recommendations (as documented by wellness coaches or mental health professionals, where applicable).
  • Employer-Provided Information (for EAP): if your access to our services is through a corporate EAP or wellness program, your employer or sponsoring organization may provide basic personal information about you to facilitate the service (for example, your name, work contact information, employee identification number, or department). This information is used only to verify your eligibility and manage the program.

Sensitive Nature of Mental Health Data: We recognize that information about your mental health is highly sensitive. REBEL will collect and process this information only with your explicit consent and solely for the purposes of providing you with the counselling or EAP services and related support, or as otherwise permitted by law. You have the right to withdraw your consent at any time (see Your Privacy Rights below), though doing so may affect our ability to continue providing these specialized services.

We maintain strict confidentiality for counselling and EAP communications. Personal details you share in these contexts are kept confidential between you and the professionals providing the service (such as counsellors or coaches), except as necessary to provide the service or as required by law in exceptional circumstances (for example, if there is an imminent risk of serious harm, or as otherwise mandated by applicable regulations). Any use of mental health data is purpose-limited to supporting your well-being; it is not used for marketing or unrelated purposes.

Prospective Employees and Job Applicants

If you apply for a job or express interest in working with REBEL, we collect information as part of our recruitment process. This typically includes your name, contact details, résumé/CV information (such as your qualifications, work history, and references), and any other personal information you choose to provide in your application (e.g., employment preferences or salary expectations). We usually collect this information directly from you or through our recruitment partners. We may also receive personal information about you from third parties such as recruitment agencies, referees you have provided, or publicly available professional profiles (for example, information from your LinkedIn profile) to the extent permitted by law. Before making a formal offer of employment, we might collect additional information as needed for background checks or verification of qualifications, with your knowledge or consent and as allowed by law.

Other Individuals

We may also collect personal information about individuals who are not direct users of our app or members, such as:

  • Event Participants and Community Members: If you attend an event, challenge, or program that REBEL organizes or is involved in, we might collect your name, contact details, and any other information necessary for event management. We may also capture photos or video recordings during these events. We will seek consent where required, and you can inform us if you prefer not to be photographed or recorded.
  • Service Providers and Contractors: If you are an individual contractor, consultant, or other service provider working with REBEL (or an employee of one of our service providers), we may collect your contact information and other details necessary to manage our relationship and provide you with appropriate access (for example, to our systems or premises).
  • Business Partners and Affiliates: If you interact with us in a commercial capacity (e.g., as a partner, affiliate, corporate client, or investor), we may collect your name, professional contact details, and information related to our business dealings or partnership.

The kind of personal information collected in these cases will depend on your interaction with us. We will collect only what is necessary for relevant business or operational purposes.

Website Visitors and Cookies

When you visit our websites or use our mobile applications, we automatically collect certain information about your device and usage through cookies and similar technologies (see Cookies and Online Tracking below for details). This may include your device type, IP address, browser type, device identifiers, pages you visited on our site or app, and the dates/times of your visits. While this information may not identify you by name on its own, it can be combined with other information to potentially identify you if you are logged in or have provided your personal details in other interactions. If you fill in forms on our site (e.g., an inquiry form or newsletter signup) or log into our member portal, any personal information you submit will be collected (for example, your name, email, and the content of your inquiry).

Location Information: If you use features of our services that require location data – for example, GPS-based fitness tracking for running routes or finding nearby fitness events – we will collect and process your device’s precise geolocation. We do this only when you have given permission through your device or app settings. Location data helps enable core features like route mapping, segment leaderboards, or location-specific content. You can withdraw permission for location tracking at any time by adjusting your device settings; however, doing so may prevent certain features from functioning (such as live activity tracking or route mapping).

Health and Wellness Information

When you use REBEL’s fitness and wellness features, we may collect health-related information about you:

  • Physical Health Data: Metrics such as step count, sleep patterns, or other fitness indicators. Some of this data you might enter manually (e.g., logging a workout or body weight), and some may be collected via integrated devices or third-party services (with your consent) like fitness trackers or health apps.
  • Connected Apps and Devices: REBEL may offer integrations with third-party health platforms (for example, connecting to Google Fit or Apple HealthKit) to help import or sync your wellness data (such as daily steps or other activity data). If you choose to connect such an account or device, we will receive certain information from that third party (e.g., step count, calories, or similar data you permit sharing). REBEL's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Google API “Limited Use” requirements. Likewise, if you connect to Apple HealthKit, we will comply with Apple’s guidelines for HealthKit data.
  • Inferred Health Information: We may infer additional health information from data you provide or that we collect. For example, we might derive insights about your fitness level or health status from your heart rate trends, or calculate indicators like training load or wellness scores. We treat any such inferred data as sensitive personal information and handle it with the same care as information you explicitly provide.

Consent for Health Data: Health-related data (including any data about your mental health as described above) is considered sensitive personal data. Where required by law or by platform policies, we will obtain your explicit consent before collecting or processing such data. For instance, before you upload or sync any health information to REBEL, we may ask you to consent to the processing of that data by us. You can withdraw your consent to our processing of your health or mental health information at any time, though this may affect your ability to use certain features (for example, if you withdraw consent for processing heart rate data, some fitness analysis features might not function).

Payment Information

When you make payments for our services (such as purchasing a membership or booking a paid program), you may provide payment details like your credit card number, billing address, or other financial information. We use third-party payment processors that comply with the Payment Card Industry Data Security Standards (PCI-DSS) to handle payment transactions. REBEL does not store your full credit card information on our own systems. We may retain limited information about your transaction (e.g., the card type and last four digits of your card number, transaction date, and amount) for record-keeping, receipt generation, and handling any payment disputes or refunds.

If You Choose Not to Provide Information

You are not obligated to provide us with personal information. However, if you decline to provide certain information that we require to deliver a service or fulfill a request, we may not be able to provide you with that service or complete the transaction. For example, if you do not provide necessary contact details or required health information for a particular wellness program, we might not be able to enroll you in that program or personalize it for you. We will inform you (for instance, on our forms or applications) which information is optional and which is necessary for the relevant purpose. If you have concerns about any information request, please contact us to discuss them.

How We Use Your Personal Information

REBEL collects and uses personal information only for purposes that a reasonable person would consider appropriate in the circumstances and as required to conduct our business or to comply with the law. The purposes for which we typically collect and use personal data include:

  • Providing and Personalizing Services: To set up and maintain your membership or account, verify your identity, and deliver the services you have requested (e.g., providing workout plans, nutrition advice, counselling sessions, or EAP services). This includes using data to personalize your experience – for instance, recommending content based on your wellbeing focus or suggesting wellness content relevant to your goals.
  • Performance Tracking and Analytics: To record your activities and analyze your performance over time. For example, we use your fitness data to chart your progress, compare past workout results, and enable features like leaderboards or challenges. If you use our GPS tracking features, we may match your activities to specific routes or segments to compare your performance with other users and display rankings.
  • Mental Health Support: If you are using mental health or counselling services, to monitor your progress, provide personalized guidance or resources, and ensure continuity of care. For EAP participants, this may involve coordinating sessions and following up on your well-being while maintaining confidentiality and anonymity in any reports (see How We Share Your Information below about EAP data sharing).
  • Customer Support and Communications: To respond to your inquiries, requests, and complaints, and to provide technical support or service updates. This includes using your information to communicate with you about your account, transactions, or changes to our services.
  • Product Improvement and Research: To research, develop, and improve our programs, services, and content. We analyze usage data and feedback to understand trends and user preferences, which helps us enhance existing offerings and develop new features. For example, understanding how users engage with our nutrition tracking can help improve that feature, or aggregating anonymized data from counselling sessions might help us identify common wellness challenges to address in our content (in all cases, individual identities remain protected).
  • Managing Membership and Relationships: To administer our relationship with you as a member or user, including processing enrollments, billing and payments, maintaining records, and enforcing our terms and conditions or membership agreements.
  • Marketing and Promotions: To inform you about our products, services, promotions, events, or other opportunities that may interest you. We may tailor these communications based on your profile and interactions (e.g., sending fitness-related offers to fitness program users, or wellness content updates to those who engaged with mental health resources). Direct marketing is conducted in accordance with applicable law – see Direct Marketing and Your Preferences below for more information on how we obtain consent and how you can manage your communication preferences.
  • Surveys and Feedback: To solicit your opinions or comments about our services via surveys or feedback requests, and to use your responses to improve our offerings and customer experience.
  • Events and Community Features: To manage and administer events, competitions, or community forums that you register for or participate in, and to facilitate social features of our platform (such as leaderboards, friend connections, or team challenges) if you choose to use them. For example, if you join a team challenge, we use your data to place you on the leaderboard and share your progress with other participants per the challenge rules.
  • Administrative and Legal Purposes: To carry out administrative tasks and enforce our policies. This includes activities such as internal training, quality control, troubleshooting, auditing, and compliance with legal obligations. For example, we may use personal data to ensure our systems' security, to prevent fraud or misuse of our services, to collect debts owed to us, or to comply with requests from law enforcement or regulatory authorities.
  • Recruitment: If you are a job applicant, to evaluate your candidacy, communicate with you during the recruitment process, and carry out background and reference checks (with your consent where required by law).
  • Aggregated Analytics: We may create anonymized and aggregated data sets (that no longer identify any individuals) for purposes such as statistical analysis, research, and product development. For instance, we might aggregate fitness data to study how users generally improve over time, or compile statistics on usage of our EAP services in general terms. Such aggregated insights help us understand the effectiveness of our services and may be shared externally, but they do not identify any individual.

We will use your personal information only for the purposes we have collected it for, or for purposes that are reasonably related to those (such as record-keeping for internal administration), unless we obtain your consent for a new purpose or as otherwise permitted by law. Where required by applicable law, we rely on certain legal bases to process your data, such as: your consent (for example, for processing sensitive health data or sending marketing communications), necessity to perform a contract with you (for providing our services and membership benefits), compliance with a legal obligation, or our legitimate interests in maintaining and improving our services (balanced against your rights and expectations of privacy).

Use of Health and Sensitive Data: Any health or medical information (including mental health data) you provide is used strictly to support your wellness journey and provide our services to you. We do not use sensitive health information for any unrelated secondary purposes, and we do not use or profile such data for marketing without your explicit consent. For example, we will not use your private health or counselling information to send you promotional messages, and we will not share your health data (such as data from Apple HealthKit or details from your counselling sessions) with advertisers or data brokers. We may use de-identified health data to improve our services (e.g., to enhance a workout recommendation algorithm), but this will not identify you personally.

Cookies and Online Tracking

Like many websites and apps, REBEL uses cookies and similar tracking technologies to enhance your experience and gather information about the usage of our online services:

  • What Are Cookies? Cookies are small text files placed on your computer or mobile device when you visit a website. They allow the site to recognize your device and store certain information about your preferences or past actions. We also use related technologies like web beacons (pixel tags), local storage, and software development kits (SDKs) in our app for similar purposes.
  • Why We Use Cookies: We use cookies to personalize and improve your browsing experience. For example, cookies help us remember your preferences (such as your language or region) and recognize you when you return to our site. They also help us understand how users navigate through our website or app, which pages or features are popular, and how our advertising campaigns perform. By analyzing this data, we can improve the structure, content, and functionality of our platforms.
  • Types of Cookies We Use:
    • Strictly Necessary Cookies: These cookies are essential for the operation of our website and services. They enable core functionality such as security, network management, and accessibility. For instance, they help you log in to secure areas of our site (like your member account dashboard) and load the pages you request.
    • Analytical/Performance Cookies: These cookies collect information about how visitors use our site (e.g., which pages are visited most often, or if users encounter error messages). The data is aggregated and anonymous, and we use it to improve how our website works and to understand user interests and usage patterns.
    • Functionality Cookies: These cookies allow our site or app to remember choices you make (such as your username, region, or display settings) and provide enhanced, more personalized features. For example, a functionality cookie might remember that you prefer workouts of a certain type, so we can show you those by default.
    • Targeting/Advertising Cookies: These cookies record your visit to our site, the pages you have viewed, and the links you have followed. We (and authorized third parties) use this information to make our site and any advertising displayed on it more relevant to your interests. They may also limit the number of times you see the same advertisement and help measure the effectiveness of ad campaigns. These cookies may be placed by us or by advertising partners with whom we work.
    • Third-Party Cookies: Some cookies on our site are set by third parties acting on our behalf or in partnership with us. For example, we use services from third-party analytics and advertising providers such as Google Analytics, Adobe Analytics, Facebook, and LinkedIn. These partners may set cookies that collect information about your online activities across our site and other sites, to help us measure and improve our marketing campaigns or to better target advertisements to you on third-party platforms. These cookies are subject to the third party’s own privacy policies. While we do not control the data collected by third parties via cookies, we contractually require that any third-party service we utilize handles data in compliance with applicable privacy laws.
  • How Long Cookies Last: Some cookies, called session cookies, are temporary and last only for the duration of your browsing session. They are deleted from your device when you close your browser or app. Other cookies, known as persistent cookies, remain on your device for a set period of time or until you delete them. Persistent cookies help us recognize you on your return visits and remember your preferences across sessions.
  • Your Cookie Choices: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline some or all cookies, or to notify you when a cookie is being placed on your device. You have the right to choose whether or not to accept cookies (aside from strictly necessary cookies). However, please note that if you disable or reject certain cookies, some features of our site or services may not function properly. For example, you may not be able to stay logged in or use certain interactive features. For information on how to adjust your browser settings for cookies, refer to your browser’s help documentation (typically under "Help" or "Internet Options"). Additionally, there are browser extensions and tools that can help you manage cookies and similar tracking technologies.
  • Do Not Track: Our website does not currently respond to “Do Not Track” (DNT) signals from web browsers. DNT is a feature offered by some browsers that sends a signal to websites to request that your browsing not be tracked. If we implement such a feature in the future, we will update this Privacy Policy accordingly. In the meantime, to manage tracking, you can adjust your cookie settings as described above or use privacy tools to limit tracking.

How We Share Your Information

We do not sell your personal information for monetary value. However, we may share your personal information with third parties in certain circumstances as part of running our business and providing our services, or where disclosure is required by law. When we share information, we do so in accordance with this Privacy Policy and all applicable data protection laws. The key situations in which we share data are as follows:

  • Service Providers: We may share your personal information with third-party companies and individuals who perform functions on our behalf to support our services. These service providers assist us in a variety of business operations such as:
    • customer support and communications;
    • payment processing and billing;
    • technology and infrastructure (hosting our data, maintaining our website and app, data storage and backup);
    • analytics and marketing services (including analyzing data or assisting with advertising, though they will not use your sensitive information for targeted ads without consent);
    • professional services (such as auditors, lawyers, consultants); and
    • wellness services delivery (for example, external coaches, dietitians, or counsellors who operate as contractors to REBEL).

These providers are given access only to the personal information necessary for them to perform their specific tasks. They are contractually obligated to protect your information and use it only for the purposes of providing services to us (and not for their own unrelated purposes).

  • Third-Party Integrations and Partners: REBEL integrates with various third-party applications or services to enhance your experience. If you choose to connect your REBEL account with another app or platform (for example, linking a fitness tracker, joining a sponsored challenge, or logging in via a social network), we will share certain information with that third party as needed for the integration. Similarly, if you participate in a challenge or event that is co-sponsored by REBEL and another organization (e.g., a corporate wellness challenge), we might share relevant information with the co-sponsor – such as your name, contact information, and participation status – solely for the purposes of administering that event or benefit. Any information you voluntarily share through third-party integrations will be handled according to the third party’s own privacy policies. REBEL is not responsible for the privacy practices of these third parties, and we recommend you review their policies before connecting or sharing information.
  • Affiliates and Related Companies: We may share your personal information with our subsidiaries, parent company, or other affiliated companies within the REBEL corporate group, as needed to provide our services and operate our business. For example, if a related company helps to provide or support a portion of our services or is managing a regional aspect of our operations, we may transfer relevant user information to them. All our related entities are bound to protect your personal data in accordance with this Privacy Policy and applicable privacy laws.
  • Corporate Wellness Programs (EAP and Wellness Partnerships): If your use of REBEL’s services is part of a corporate-sponsored wellness program or EAP, we will not disclose any personal details of your participation to your employer without your consent. We may provide the sponsoring organization with periodic reports that contain anonymized and aggregated data about the program’s usage and outcomes. For instance, an employer might receive a report stating that “X% of eligible employees used the wellbeing program this quarter” or general trends like “common stress factors reported (in anonymous aggregate) among participants.” These reports will not include any information that identifies you or reveals personal details of your counseling or fitness activities. Your individual interactions with our counselors or coaches remain confidential. We would only share personal information back to an employer if you have given explicit consent for a specific disclosure, or if required by law (for example, in a situation where workplace safety is at serious risk – and even then, such scenarios are handled with extreme care and in compliance with professional ethics and legal requirements).
  • Legal Compliance and Protection: We may disclose personal information about you if we are required to do so by law, regulation, or legal process (such as a subpoena, court order, or government demand). We may also share information when we believe, in good faith, that disclosure is necessary to:
    • comply with applicable laws or regulatory requirements (including assisting law enforcement or regulatory agencies in preventing or investigating illegal activities);
    • protect our rights, property, or safety, or the rights, property, or safety of our users, employees, or the public (for example, exchanging information with other companies or organizations for fraud prevention or to prevent imminent harm);
    • enforce our Terms of Service, membership agreements, or other contracts, or investigate potential violations thereof; or
    • respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing the death or serious injury of any person.
  • Business Transfers: If REBEL undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, your personal information may be among the assets transferred to the acquiring or merging entity. We will ensure that any such transfer is subject to appropriate confidentiality protections and that your personal information remains protected. In the event of such a change, we will notify you if your personal information becomes subject to a new Privacy Policy or significantly different practices.
  • Aggregate and De-Identified Information: We may share information that has been de-identified or aggregated (so it cannot be used to identify you) with third parties for various purposes. For example, we might publish research or insights based on aggregate wellness data, or share statistics with partners about how many users we have in a certain region or how users as a whole are engaging with our platform. Such aggregate information will not contain any data that can be traced back to you individually. In some cases, we may receive compensation for sharing anonymized, aggregated data or reports, but this will never include personally identifiable information.

Data Security and Storage

Security Measures: REBEL takes reasonable and appropriate technical, administrative, and physical security measures to safeguard your personal information against loss, misuse, and unauthorized access, alteration, or disclosure. We employ various security practices such as encryption of data in transit (e.g., SSL/TLS for our website and app), firewalls and intrusion detection systems, access controls to limit who can access information, regular security audits, and staff training on data protection. We also store sensitive information (like passwords) using strong cryptographic hashing and, where applicable, encryption. Despite our efforts, please note that no method of data transmission or storage is completely secure. Therefore, while we strive to protect your information, we cannot guarantee absolute security of your data. You can help protect your account and personal information by using a strong, unique password for REBEL, not sharing your password with others, and alerting us immediately if you suspect any unauthorized access to your account.

Storage Locations: We primarily store personal data on secure servers and cloud infrastructure located in Singapore. However, as a global business, we may also use cloud services or technical infrastructure in other countries (for example, data centers in the United States or Europe) to store or process data. We ensure that any third-party storage providers we use have strong security practices and are contractually required to protect the data and restrict access.

Physical Records: In some cases, personal information may be collected or stored on paper (for instance, signed forms at an event or written consent forms for certain services). We handle physical records with care: they are stored in secure locations (such as locked cabinets or restricted-access offices), and we have procedures to shred or securely dispose of personal data in physical form that is no longer needed.

Retention Periods: We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required or permitted by law. The exact length of time we keep your information varies depending on the type of data and the context in which it was collected. We consider factors such as:

  • The duration of your use of our services or the term of your membership (for example, we may keep your profile information while your account remains active).
  • Ongoing obligations or expectations – if you have an active subscription or an open inquiry, we will retain relevant data to service those needs.
  • Legal requirements for retention – certain information must be kept for a defined period for legal or regulatory reasons (e.g., financial transaction records for tax or accounting purposes, or counselling records per professional guidelines).
  • The statute of limitations for potential legal claims – to retain records that might be needed for us to establish or defend against legal claims.
  • Our own business needs – for instance, maintaining records of user agreements, training our customer support (with anonymized data), or internal analytics.
  • Guidance from regulatory authorities or industry best practices.

When personal information is no longer needed for any legitimate purpose and no legal requirement to retain it applies, we will take steps to securely delete or anonymize the data. For example, we may irreversibly anonymize data so that it can no longer be associated with you (and then use aggregated information as described in this Policy), and/or we may securely dispose of records containing personal data. If complete deletion is not immediately feasible (e.g., the data is stored in long-term backups), we will isolate the data from further use until deletion is possible.

Direct Marketing and Your Preferences

REBEL may use your contact information (such as email, mailing address, or phone number) to send you communications about our new services, promotions, or events that we believe could interest you. We do so in compliance with applicable direct marketing laws, including Singapore’s PDPA and anti-spam regulations, and (where applicable) the GDPR and other global standards. We respect your choices and include controls for you to manage what types of messages you receive. Key points about our direct marketing practices:

  • Consent and Opt-In: Where required by law, we will obtain your consent before sending you marketing communications. For instance, when you register, we may ask if you want to receive newsletters or promotional offers. If you opt in, you agree that we can use your contact details to inform you about relevant offers or products. In jurisdictions where prior consent is not required, we rely on our legitimate interest in keeping our customers informed about our services; however, we will always provide a clear and easy way for you to opt out of these messages.
  • Content of Marketing Messages: Marketing messages may include updates about our programs, new wellness features, special membership deals, events, or general health and fitness tips. If you are part of a corporate program or EAP, we might also send content relevant to your program (e.g., stress management tips for EAP participants or group challenge announcements for corporate fitness programs), but we will not reveal any sensitive personal information in these messages. For example, we won’t mention your personal counseling topics or your specific workout stats in a marketing email.
  • Opting Out: You can opt out of receiving promotional communications from us at any time. If you wish to unsubscribe from email marketing, you can do so by clicking the "unsubscribe" link in any marketing email or by adjusting your communication preferences in your account settings (if available). To opt out of other forms of marketing (such as SMS messages or postal mail), follow the instructions provided in those communications or contact us directly (see Contact Information below). Once you opt out, we will remove you from the marketing list. Please note that opting out of marketing emails will not affect your receipt of transactional or service-related communications (as described below).
  • Transactional and Service Messages: Regardless of your marketing preferences, we will still send you important service-related communications when necessary. These are not promotional; they include things like receipts or invoices, confirmations of transactions or bookings, information about changes to our services or policies, security alerts (e.g., if we detect unusual activity on your account), or responses to your inquiries. Because these messages are necessary for using our services, you may not opt out of them.
  • Third-Party Marketing: We do not provide your personal data to external parties for their own direct marketing purposes unless you have expressly consented to such sharing. For example, we will not sell or rent your email address to other companies for them to send you unsolicited ads. If we ever facilitate a marketing partnership (for instance, a special offer from a wellness partner), those communications will typically come from REBEL (so your contact information is not given away), or we will ask for your permission before sharing your details with the third party.
  • Use of Sensitive Data in Marketing: As stated earlier, we do not use sensitive personal data like health information or counseling details for marketing purposes. We will not use or share your Apple HealthKit data, or any personal data from your mental health/counseling sessions, with advertising platforms, data brokers, or information resellers. Our marketing efforts focus on general service information and offers, and any personalization is based on non-sensitive data (for example, your general service usage or expressed interests).
  • Tailoring and Analytics: We may analyze your interactions with our communications (e.g., whether you open an email or click a link) to understand the effectiveness of our outreach and to improve future communications. We may also use tools that help us aggregate and analyze marketing response data. This is done to refine our marketing strategy; it does not result in automated decisions that have legal or significant effects on you, and you can opt out of the underlying communications as noted above.

How We Disclose Personal Information for Specific Purposes

In addition to the general sharing practices described above, we wish to clarify how we may use and disclose personal information in particular contexts or to specific audiences:

  • For Event Participants and Testimonials: If you attend a REBEL-sponsored event, competition, or appear in a testimonial, we might share basic information about you with other parties as needed. For example, for event logistics we may share your name with the venue for access control, or if the event has an official photographer, they may have a list of participants. We may also use or publish photos or videos from events (which could incidentally include your image) for promotional purposes (e.g., on our website or social media). We do so in a way that respects your privacy – for instance, we typically won’t tag or name you without permission, and we honor requests not to use a particular image if you object. If you provide a testimonial or success story, we will obtain your consent to use your name, likeness, or results in our marketing materials.
  • For Users of Mental Health and EAP Services: Your privacy in counseling and coaching is extremely important to us. Information you share with our counselors, coaches, or EAP personnel is kept confidential and used only to provide and improve those services to you. Within REBEL, access to your mental health records is strictly limited to authorized professionals (for example, your counselor and a small supervisory team if necessary for quality oversight), all of whom are bound by confidentiality obligations. We will not disclose your identity or personal details of your counseling to any third party except:
    • with your explicit consent on a case-by-case basis (for example, if you ask us to coordinate with your personal healthcare provider or refer you to external support, we will share information as needed with your permission);
    • or as required by law or professional ethical obligations in rare situations (such as if a counselor must act to prevent serious harm to you or others, or report abuse of vulnerable persons, consistent with applicable laws).

Any reporting to an employer for EAP purposes will be done using anonymized data as explained earlier under Corporate Wellness Programs. We treat mental health data with the highest degree of care and do not use it outside of providing the service to you, except in aggregated form for service improvement.

  • For Fitness and Wellness Members: If you are using our fitness-related services, we may share certain information with personnel involved in delivering those services. For example, if you sign up for a personal training session or a nutrition coaching program through REBEL, we may provide the trainer or coach (who might be an independent contractor working with us) access to your relevant profile information and fitness or dietary history so they can tailor the service to you. Similarly, if you participate in a group challenge, leaderboard, or community forum within our app, some of your information (like your username, profile photo, and performance statistics) may be visible to other participants by the nature of those features. We will make it clear within the app what information is shared publicly (for example, when joining a leaderboard, you'll see what data is displayed). We also use data from integrated sources like Apple HealthKit or Google Fit strictly to provide you services (e.g., to personalize your workout recommendations or track progress). Such data may be used internally to enhance your experience but, as noted above, is not used for external marketing or shared with third-party advertisers.


  • Disclosure to Contractors and Service Providers: As noted, REBEL may disclose personal information to third parties we engage to support our operations. To reiterate, this includes contractors and service providers used for data processing, analytics, customer satisfaction surveys, information technology support, website and app development, email/SMS delivery, printing or mailing, archiving, and market research. Personal information may also be shared between related and affiliated companies of REBEL in Singapore and overseas, strictly for the purposes described in this Privacy Policy. In some cases, third parties to whom we have disclosed your personal information may contact you directly on our behalf (for example, a survey agency might email you to request feedback about our services, identifying themselves as working for REBEL). These parties will make clear their relationship to us and provide you with access to their privacy information upon contact.
  • Administrative Uses: We also use and disclose personal information for a range of administrative, management, and operational purposes, which might not be immediately evident to users but are necessary for our business. This includes:
    • Billing and Payments: sharing necessary details with payment gateways or debt collection agencies if required;
    • Service Planning and Quality Improvement: internal analyses, audits, and training of staff (for example, using an interaction as a case study internally, after removing identifying details, to improve how we handle certain situations);
    • Risk Management and Legal: consulting with legal counsel or insurers, and sharing information as needed to manage legal claims, disputes, or insurance coverage;
    • Enquiries and Complaints: if you make a complaint about our service, the details of that complaint (including information about you and your experience) may be shared internally with relevant departments and potentially with external advisors to resolve the issue;
    • Regulatory Reporting: disclosing data to regulators or authorities if required (e.g., reporting an incident or fulfilling mandatory reporting obligations under law).
  • Other Situations Disclosed at Collection: If we intend to use or disclose your personal information for purposes not covered in this Privacy Policy, we will let you know at the time of collection (through a specific notice or request for consent). For example, if we run a special research project or pilot program that involves collecting your data for a new purpose, we would provide a separate consent form or privacy notice detailing that use. We believe in transparency and will ensure you are informed of any additional uses of your information beyond the general uses stated here.

Our goal is to be transparent and give you meaningful control over how your data is collected and shared. If you have any specific questions or concerns about our data handling practices in any context, please reach out to us (see Contact Information below), and we will be happy to provide further information.

International Data Transfers

REBEL is based in Singapore but operates and works with partners around the world. This means your personal information may be transferred to, stored in, or processed in countries other than your home country. For example, we may use cloud servers located in the United States or Europe, or allow our support and development teams in other regions to access data in order to assist you or maintain our services.

When we transfer personal data out of the country in which it was collected, we take steps to ensure that your data remains protected according to standards that are at least as stringent as those under the local laws applicable to us. If you are in Singapore, this means we comply with the PDPA’s requirements on international transfers (for instance, we may ensure the recipient is bound by legally enforceable obligations to provide a standard of protection for the data that is comparable to the protection under Singapore law). If you are in the European Economic Area (EEA) or the UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for data transfers, or other mechanisms approved under GDPR, to ensure a lawful transfer of your information.

We will only transfer your data to jurisdictions outside of Singapore, the EEA, or your country of residence where we are permitted to do so by law. Generally, this means:

  • The transfer is necessary to perform a contract with you (for example, if you are traveling and want to use our services abroad, or if you request a service that involves our overseas branches or partners).
  • Or the transfer is subject to appropriate safeguards (as described above, such as an agreement incorporating Standard Contractual Clauses or a binding corporate rules framework).
  • Or we have your consent for the transfer (in cases where consent is required by law for certain transfers).
  • Or the transfer is otherwise allowed by applicable data protection law (for instance, the transfer is necessary for the establishment, exercise, or defense of legal claims, or to fulfill a compelling legitimate interest that does not outweigh your rights).

Please note that different countries may have different privacy laws and standards, and your data may be subject to the laws of jurisdictions where it is stored or processed. However, our practices regarding your personal information will at all times continue to be governed by this Privacy Policy and the commitments we make to you, so that your rights and protections travel with your data.

Your Privacy Rights

You have rights regarding your personal data, and REBEL is committed to respecting and facilitating those rights. Your rights may vary depending on the laws that apply to your situation (for example, Singapore’s PDPA provides certain rights, while GDPR provides additional ones to EU residents). Below is an overview of your key data protection rights:

  • Access: You have the right to request access to the personal information we hold about you. This includes the right to ask for details on what data we have, how we are using it, and to obtain a copy of that information. To make an access request, please contact us (see Contact Information below). We will need to verify your identity before providing data to ensure that we do not inadvertently disclose personal information to the wrong person. We will respond to access requests within a reasonable timeframe and as required by law (typically within 30 days under PDPA and GDPR, with possible extensions). In some cases, we may be permitted by law to refuse access or not provide a copy (for example, if providing the data would unreasonably reveal personal information about another individual, or if it is subject to legal privilege). If we refuse your request, we will inform you of the reason (unless we are legally prevented from doing so).
  • Correction: We strive to keep your personal information accurate and up-to-date. If you believe that any information we hold about you is incorrect, incomplete, or outdated, you have the right to request that we correct or update it. You can do this by contacting us or, where applicable, by making the changes yourself through your account profile settings. Upon receiving a correction request, we will verify the information and make the appropriate corrections where required. If we are unable to fulfill your request (for example, if we disagree that the data is inaccurate or if we are legally required to keep the information as-is), we will let you know the reason. Where required by law, if we do not correct the data, you may have the right to have a note attached to the information indicating that you requested a correction.
  • Withdrawal of Consent: Where we rely on your consent to process personal data (such as for sending marketing emails or for processing health data beyond what’s strictly necessary for our services), you have the right to withdraw that consent at any time. This can be done by changing your preferences (for example, unsubscribing from marketing communications) or contacting us. If you withdraw consent, we will stop the processing for which consent was obtained, unless we have another lawful basis to continue (for example, retaining certain transaction records if needed for legal or auditing purposes). Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Do note that if you withdraw consent for us to use certain information (like health or location data necessary for a feature), we may not be able to continue providing that feature or service to you.
  • Deletion (Right to Erasure): In certain jurisdictions (such as under the GDPR for EU residents), you may have the right to request that we delete personal information that we hold about you. This is sometimes referred to as the “right to be forgotten.” You can request deletion of your data by contacting us with your specific request. We will honor such requests where required by law. However, this right is not absolute – we may need to retain some information for a period of time to comply with legal obligations or for other legitimate reasons. For example, we might retain some transaction records for financial reporting, or keep a record that you opted out of marketing to ensure we respect your opt-out. If we are unable to fulfill a deletion request, we will explain the reasons to you.
  • Objection to Processing: You may have the right to object to certain types of processing of your data. For example, if we are processing your data based on our legitimate interests (or those of a third party) and you feel it impacts your rights, you can object. You also have the right to object at any time to the use of your personal data for direct marketing purposes (which we accommodate through the opt-out mechanisms described in Direct Marketing and Your Preferences). If you raise an objection, we will consider it and respond in accordance with applicable law. In cases where your objection is valid, we will stop the processing in question. If we cannot comply with your objection (for instance, if the data is needed for the defense of legal claims or we have compelling legitimate grounds to continue processing), we will inform you of that decision.
  • Restriction of Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances. This means we would hold onto the data but not actively use it (beyond storing it) until the restriction is lifted. You might request this if, for example, you contest the accuracy of the data (we would then restrict processing until we verify accuracy), or if you need us to preserve data for a legal claim while not using it otherwise. If your request is granted, we will mark the data as restricted and only process it for specific reasons allowed (such as with your consent or to handle legal claims). We will let you know before any restricted data is made active again.
  • Data Portability: For data that you have provided to us and that we process by automated means on the basis of your consent or to fulfill a contract, you have the right (in some jurisdictions, such as the EU) to obtain a copy of that data in a structured, commonly used and machine-readable format. You also have the right to request that we transmit that data directly to another organization, if it’s technically feasible. This right is designed to enable you to reuse your personal data across different services. If you require such data portability, please contact us with the details of your request (for example, which data you would like to port and to whom). We will inform you whether it’s possible and proceed as required by law.
  • Complaint to Regulator: If you believe we have infringed your privacy rights or handled your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with a data protection authority. For individuals in Singapore, the relevant authority is the Personal Data Protection Commission (PDPC). For those in the EEA, you can contact your local Data Protection Authority; if REBEL has a lead supervisory authority in the EU, we will inform you of that as needed (currently, as a Singapore company, our lead authority would depend on where we might have an EU establishment). In the United Kingdom, you can contact the Information Commissioner’s Office (ICO). We encourage you to first reach out to us with any complaints (see Complaints and How to Contact Us below) so that we can try to resolve them directly.

To exercise any of your rights, please contact our Privacy Officer using the contact details provided in the Contact Information section below. We will need to verify your identity (for example, by asking you to confirm some details we already have on record) before fulfilling certain requests to ensure we do not disclose or modify data inappropriately. We will respond to your request as soon as reasonably possible and within any timeframe required by law (for example, within 30 days for PDPA requests, or one month for GDPR requests, with the possibility of extension as permitted). If we need more time or cannot fulfill your request in whole or in part, we will let you know and explain the reason (e.g., when requests are unfounded or excessive under the law, or when further time is needed to gather data).

Please note that certain rights may not be available to you depending on the circumstances and the governing law. We are committed to respecting the rights that apply to you and will assist you in understanding and exercising those rights.

Complaints and How to Contact Us

We take your privacy concerns seriously. If you have any questions, concerns, or complaints about how we handle your personal information or about this Privacy Policy, we encourage you to contact us so we can address them.

Contacting REBEL: You can reach our Data Protection Officer (Privacy Officer) by email at dataprivacy@rebelwithus.com. Please include the subject line “Privacy Inquiry” or “Privacy Complaint” as appropriate, and provide details about your question or concern. You may also contact us by mail at our business address listed on our website (Attention: Privacy Officer). If you are making a request to exercise your data rights, it’s helpful to state which right you wish to exercise and the details of your request.

Handling of Complaints: When we receive a privacy-related complaint, our Privacy Officer will review it and determine the appropriate next steps. We may ask you for additional information to understand your complaint fully. We strive to acknowledge receipt of privacy complaints within 7 days and to resolve complaints in a timely manner. In general, for straightforward issues we aim to provide a substantive response or resolution within 30 days. If a complaint is complex or requires more investigation, we will inform you that we need more time and keep you updated on the progress.

We will investigate all aspects of the complaint, which might involve reviewing relevant policies, talking to staff or service providers involved, and examining any pertinent records or communications. After our investigation, we will respond to you with the outcome: this will include any actions we have taken to address the issue or improvements we will make based on your feedback.

If you are not satisfied with our response to a privacy complaint, you have the right to escalate the matter. As noted above, you may contact the PDPC in Singapore or the relevant data protection authority in your jurisdiction. We sincerely hope to resolve any concerns directly and promptly, but we fully respect your right to seek assistance or remedies through these external channels.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to the way we handle your personal information, we will notify you by appropriate means. For example, we may post a prominent notice on our website or within our app, or send you an email notification (if you have provided an email address and allowed such contact) to inform you of significant changes. The “Effective Date” at the top of this Policy will be updated to indicate when the latest changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use our services or interact with us after any changes to this Privacy Policy, it will signify your acceptance of the updated terms (to the extent permitted by law). However, if any change requires your consent (for example, if in the future we seek to use your data for a new purpose that requires consent under applicable law), we will obtain that consent.

Contact Information

If you have any questions or requests regarding your personal data or this Privacy Policy, please contact us at:

Fitness Asia Pte. Ltd. – Data Privacy Officer
Email: dataprivacy@rebelwithus.com

Our Privacy Officer (or an appropriate representative) will be responsible for responding to you. We value your feedback and appreciate the opportunity to address your concerns. Your privacy is important to us, and we are committed to protecting it.