Privacy Policy

Last updated: March 24, 2026

Your privacy matters. This policy explains what data Runlab collects, how it is used, and your rights.

1. Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign in with Apple or Google, we receive limited profile information from those providers.

Strava Data

If you connect Strava, we access your activity data (runs, distances, pace, heart rate, routes) through the Strava API with your explicit permission. We request read-only access and never post to your Strava account.

Apple Health Data

If you connect Apple Health, we read the following data types with your explicit permission:

  • Heart Rate Variability (HRV) — recovery marker
  • Resting Heart Rate — cardiovascular fitness baseline
  • Sleep Analysis — recovery context
  • VO2 Max — aerobic fitness metric
  • Body Mass — energy metric normalization
  • Active Energy Burned — training load context

This data is read-only — Runlab does not write to Apple Health.

Usage Data

We collect basic analytics about app usage to improve the experience, such as which features are used and crash reports.

2. How We Use Your Information

  • Personalized Coaching. Your training data and health metrics are used to generate AI-powered coaching insights tailored to your fitness level and goals.
  • Training Analysis. Activity data is processed to compute performance metrics (training load, fitness, fatigue) and generate activity summaries.
  • Health Context. Apple Health data is used to provide recovery recommendations and inform training suggestions based on your physiological state.
  • Account Management. Your email is used for authentication, account recovery, and essential service communications.

3. Data Storage & Security

Your data is stored on secure servers hosted by Supabase (cloud infrastructure) and Railway (backend processing). All data is encrypted in transit using HTTPS/TLS.

Apple Health data is never stored in iCloud. Health snapshots are transmitted securely to our servers for processing and are protected by row-level security policies that ensure only you can access your data.

We use industry-standard encryption for sensitive data including authentication tokens and connection credentials.

4. AI Coach & Data Processing

When you use the AI Coach feature, your training data and health metrics may be sent to Anthropic's Claude API via our backend server to generate personalized responses. This data is:

  • Transmitted securely via our backend server (never directly from your device to Anthropic)
  • Used only to generate your coaching response
  • Not used by Anthropic to train their models
  • Not stored by Anthropic beyond the processing of your request

5. Data Sharing

We do not sell your data. We do not sell, rent, or share your personal information or health data with third parties for advertising, marketing, or data brokerage purposes.

We may share data only in the following limited circumstances:

  • Service Providers. With infrastructure providers (Supabase, Railway, Anthropic) solely to operate the service, under strict data processing agreements.
  • Legal Requirements. If required by law, court order, or governmental regulation.

6. Apple Health Data

In compliance with Apple's HealthKit guidelines:

  • Health data is only used for the app's primary purpose of providing personalized running coaching and training insights.
  • Health data is never used for advertising or sold to third parties, including data brokers.
  • Health data is never stored in iCloud or any Apple cloud service.
  • You can revoke Apple Health access at any time through the Health app or iOS Settings.
  • Revoking access does not delete previously synced snapshots from our servers. To delete all data, use the "Delete account" option in your profile.

7. Your Rights & Controls

  • Access & Export. You can view all your data within the app at any time.
  • Disconnect Integrations. You can disconnect Strava or Apple Health at any time from your profile. Disconnecting Strava also deletes all imported Strava activities.
  • Delete Account. You can permanently delete your account and all associated data from the Profile screen. This action is irreversible.
  • Health Data Toggle. You can enable or disable Apple Health context sharing with the AI Coach at any time using the heart toggle in the chat interface.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data, activity data, health snapshots, and AI coach history are permanently deleted from our servers.

9. Children's Privacy

Runlab is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Email: privacy@runlab.fit