Privacy Policy

Last updated: April 2026

1. What We Collect

RunCoach collects the following data when you use the application:

• Account information: Name, email address, and profile picture from Google Sign-In.
• Training data: Running distance, duration, pace, heart rate, cadence, elevation, and perceived effort from manually logged runs or Strava sync.
• Health-related data: Body weight (if provided for nutrition planning), sleep quality, energy levels, soreness, and stress levels (if provided via daily readiness check-ins).
• Training plans: Generated plans including target distances, weekly mileage, and workout schedules.

2. How We Use Your Data

• Generate personalized training plans and nutrition guidance.
• Adapt your training based on logged performance.
• Provide coaching feedback and readiness assessments.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

• Google Sign-In: We use Google OAuth for authentication. Google receives your sign-in request; we receive your name, email, and profile picture.
• Strava: If you connect Strava, we access your activity data (runs) via the Strava API. You can disconnect Strava at any time from your account settings, which removes all stored Strava credentials.

4. Cookies & Consent

• access_token: An HTTP-only session cookie for authentication. Strictly necessary for the application to function.
• anonymous_user_id: Used to associate training plans with your browser session before you sign in. This cookie is only set when you interact with plan generation or API features — not on your first page visit.

RunCoach does not use analytics or advertising cookies. A cookie notice is displayed on your first visit to inform you about cookie usage. By using RunCoach's plan generation and health tracking features, you consent to the collection and processing of the health-related data described in section 1.

5. Data Storage & Security

Your data is stored in an encrypted database. Sensitive credentials (such as Strava tokens) are encrypted at rest using Fernet symmetric encryption. All connections to RunCoach are served over HTTPS.

6. Your Rights

• Access: You can view all your data through the application (plans, runs, analytics).
• Deletion: You can delete your account and all associated data at any time. Go to your account settings or send a request to the contact below. Account deletion is permanent and removes all plans, run logs, readiness logs, saved recipes, and Strava credentials.
• Strava disconnect: You can disconnect Strava at any time, which clears all stored Strava tokens and credentials.

7. Data Retention

Your data is retained as long as your account is active. If you delete your account, all associated data is permanently removed. Inactive accounts (no login for 24 months) may be deleted automatically.

8. Contact

For privacy-related questions or data deletion requests, contact us at the email associated with this project.