RunFitCoach Privacy Policy

Privacy Policy

Last Updated: March 8, 2026

1. Introduction

RunFitCoach values your privacy and the protection of your personal data. This Privacy Policy explains the information we collect about you as part of your use of our website, mobile applications, and related services (together the “Services”), how we use that information, the extent to which we share that information with third parties, and your rights in respect of such information.

This Privacy Policy should be read alongside our Terms of Service, which set out the terms applicable to use of our Services.

Data Controller: RunFitCoach, with its registered address at 619 West Fullerton Parkway, Chicago, IL. Throughout this Privacy Policy, the terms “RunFitCoach,” “we,” “us,” “platform,” and “our” refer to RunFitCoach.

Important: When you use RunFitCoach and connect third-party devices or services (such as Garmin, COROS, Whoop, Oura, Strava, or Apple Health), any data you share with RunFitCoach through those integrations is submitted to and controlled by RunFitCoach — not by the third-party platform. The third-party platform bears no responsibility or liability for data once it has been transmitted to RunFitCoach.

By using the Services, you consent to our use of your personal data in accordance with this Privacy Policy. If you have any queries, please contact us at support@runfitcoach.com.

This Privacy Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes. You will know if there has been an update by referring to the “Last Updated” date at the top of this page.

2. What We Collect and Why

We collect a range of information to provide you with the Services and to continually improve the user experience.

Profile Information

We may collect your name, date of birth, gender, profile picture, and contact details (such as your email address).

Purpose: Internal record keeping; providing access to the Services; customer support and service communications; shipping merchandise (if applicable); marketing communications (with your consent).

Lawful basis: Your consent; performance of our contract with you.

Payment Information

Where you purchase a subscription or other items directly through RunFitCoach, we collect necessary billing information. Payment processing is handled by PCI-compliant third-party providers (such as Stripe or Apple/Google in-app purchase systems). We do not store full credit card numbers on our servers.

Lawful basis: Performance of our contract with you.

Location Data

RunFitCoach does not collect GPS location data by default. GPS tracking is only activated when you explicitly enable it for a specific workout recording within the app. You will be prompted to grant location permission on your device before any GPS data is collected. You may disable location permissions at any time through your device settings.

When GPS tracking is enabled for a workout, we collect latitude, longitude, elevation, and route data for the duration of that workout session only.

Lawful basis: Your explicit consent.

Health & Fitness Data

When you use the Services, we may collect the following health and fitness data:

  • Distance and pace

  • Cadence

  • Workout time and duration

  • Workout type (run, strength session, etc.)

  • Heart rate (if connected via a supported device or integration)

  • Strength training data including exercises, sets, reps, and weights

  • Fatigue level self-reports (1–5 scale)

  • Injury area self-reports

  • Equipment availability selections

  • FIT Score (VDOT-based aerobic capacity metric)

  • Training phase and plan progress data

Lawful basis: Your consent; performance of our contract with you.

Push Notifications and In-App Messaging

If you enable push notifications, we collect your device push notification token to send you workout reminders, plan updates, and other service communications. Marketing-related push notifications will only be sent with your consent and can be opted out of separately within the app or via your device settings.

Lawful basis: Your consent; legitimate interests in providing the Services.

Technical & Usage Data

We may collect: IP address, device identifiers, operating system and version, app version, browser type (for web use), usage metrics (features used, session duration, screens viewed), crash logs and performance data, and server logs.

This information helps us improve performance, diagnose issues, and enhance the user experience.

Lawful basis: Performance of our contract; legitimate interests in improving the Services.

3. Third-Party Device and Platform Integrations

RunFitCoach allows you to connect third-party devices and platforms to import health and fitness data into the Services. This section describes how we handle data from each supported integration.

Key Principle

All third-party integrations are opt-in. RunFitCoach will never automatically connect to or import data from any third-party service. You must explicitly authorize each connection. You may disconnect any integration at any time through your account settings.

General Rules for All Integrations

The following rules apply to data received from all third-party integrations:

  • Your data, our responsibility: Once data is transmitted from a third-party platform to RunFitCoach, that data is controlled by RunFitCoach. The third-party platform (e.g., Garmin, COROS, Whoop, Oura, Strava) bears no responsibility or liability for your data after it has been received by RunFitCoach.

  • No selling of partner data: We will never sell, license, lease, or provide to advertisers or data brokers any data received from third-party integrations, even if you consent to such use. This prohibition is absolute.

  • No sharing with AI/ML providers: Data received from third-party integrations (Garmin, COROS, Whoop, Oura, Strava, Apple Health) is not shared with any external AI or machine learning service providers. Only data generated natively within the RunFitCoach app (such as your FIT Score inputs, strength workout selections, fatigue self-reports, and plan adjustments) may be processed by AI services, as described in Section 4.

  • Purpose limitation: Data imported from third-party integrations is used solely to provide you with the RunFitCoach Services — specifically to inform your training plan, pace zones, workout recommendations, and performance tracking. We do not use partner data for advertising, marketing to third parties, or any purpose unrelated to providing the Services to you.

  • Disconnection rights: You may disconnect any integration at any time through your RunFitCoach account settings. When you disconnect an integration, we will stop importing new data from that platform. Previously imported data will be retained in your account unless you request its deletion.

  • Consent-based access only: Each integration uses OAuth 2.0 or a similar authorization flow provided by the third-party platform. You explicitly authorize what data RunFitCoach can access through the platform’s own permissions screen. RunFitCoach will only request access to data types relevant to providing the Services.

Garmin Connect

When you connect your Garmin account, RunFitCoach may receive the following data through the Garmin Connect API, subject to the permissions you grant:

  • Activity data (distance, pace, duration, cadence, elevation)

  • Heart rate data

  • GPS/route data (only if you have enabled GPS tracking on your Garmin device)

  • Training status and fitness metrics

Garmin disclaimer: Any data submitted to RunFitCoach through the Garmin Connect integration is submitted to RunFitCoach and not to Garmin. Garmin has no responsibility or liability for any data once it has been transmitted to RunFitCoach. RunFitCoach’s use of the Garmin Connect API is subject to the Garmin Connect Developer Program Agreement.

RunFitCoach will not retain Garmin-sourced data longer than necessary for the reasonable operation of the Services, unless you provide express consent to retain your data for a longer period (e.g., by maintaining an active account).

COROS

When you connect your COROS account, RunFitCoach may receive activity data including distance, pace, duration, heart rate, cadence, and GPS/route data, subject to the permissions you grant through the COROS authorization flow.

Data received from COROS is handled under the same general rules described above. COROS has no responsibility or liability for your data after it is transmitted to RunFitCoach.

WHOOP

When you connect your WHOOP account, RunFitCoach may receive the following data through the WHOOP API, subject to the permissions you grant:

  • Recovery scores and metrics

  • Strain scores

  • Sleep data (duration, stages, sleep score)

  • Heart rate and heart rate variability (HRV)

  • Workout/activity data

WHOOP data received by RunFitCoach is encrypted both in transit (via HTTPS/TLS) and at rest using industry-standard encryption (AES-256 or equivalent). WHOOP has no responsibility or liability for your data after it is transmitted to RunFitCoach.

RunFitCoach’s use of the WHOOP API is subject to the WHOOP API Terms of Use. RunFitCoach will not transfer or disclose WHOOP-sourced user data to any third parties except as expressly permitted by the WHOOP API Terms, by you, by this Privacy Policy, and in compliance with all applicable laws.

Oura

When you connect your Oura Ring account, RunFitCoach may receive the following data through the Oura API, subject to the permissions you grant:

  • Sleep data (sleep score, duration, stages, efficiency)

  • Readiness scores

  • Activity data (steps, calories, movement)

  • Heart rate and HRV

  • Body temperature trends

  • Respiratory rate

Oura-specific restrictions: RunFitCoach will never sell, license, lease, or share Oura-sourced data with any third party, including advertisers or data brokers, regardless of whether you consent to such use. This restriction is required by the Oura API Agreement and is honored by RunFitCoach without exception.

Oura usage data disclosure: Oura may collect certain usage data related to RunFitCoach’s use of the Oura API and the Oura platform in connection with the RunFitCoach integration. Oura may use such usage data for any business purpose, including improving the Oura API or platform. This is required under the Oura API Agreement.

RunFitCoach’s use of the Oura API is subject to the Oura API Agreement and the Oura Terms of Use, including the Oura Privacy Policy.

Strava

When you connect your Strava account, RunFitCoach may receive activity data including distance, pace, duration, heart rate, cadence, GPS/route data, and activity type, subject to the permissions you grant through Strava’s OAuth authorization flow.

Strava has no responsibility or liability for your data after it is transmitted to RunFitCoach. RunFitCoach’s use of the Strava API is subject to the Strava API Agreement.

Apple Health / Google Health Connect

If you grant RunFitCoach access to Apple Health (iOS) or Google Health Connect (Android), we may read health and fitness data you have chosen to share, including workout data, heart rate, steps, and other metrics available through those platforms.

RunFitCoach will only read the specific data types you authorize. We will not write data to Apple Health or Google Health Connect without your explicit permission. Data received through Apple Health or Google Health Connect is subject to the same general rules described above and is not shared with third parties, advertisers, or AI/ML providers.

Future Integrations

RunFitCoach may add support for additional third-party platforms in the future. Any new integration will follow the same principles outlined in this section: opt-in authorization, purpose limitation, no sale of partner data, no sharing with AI/ML providers, and your right to disconnect at any time. This Privacy Policy will be updated to reflect new integrations as they are added.+

AI and Personalization

RunFitCoach uses automated systems, including AI and machine learning tools, to generate personalized training plans, pace zones, and adaptive strength workouts based on your fitness data.

What Data Is Used for AI Personalization

Only data generated natively within the RunFitCoach app is eligible for processing by external AI or machine learning service providers. This includes:

  • FIT Score and pace zone inputs

  • Strength workout selections, fatigue self-reports, injury self-reports

  • Equipment selections

  • Training phase and plan adjustment history

  • Workout completion data recorded directly in the app

What Data Is NOT Shared with AI Providers

Data imported from third-party integrations (Garmin, COROS, Whoop, Oura, Strava, Apple Health) is never shared with external AI or machine learning service providers. This data is used internally by RunFitCoach to inform your training recommendations, but it is not transmitted to any external AI service.

Anonymization

When app-generated data is shared with AI service providers (such as large language model API providers), it is anonymized before transmission. “Anonymized” means: your name, email address, account ID, and any other directly identifying information are stripped from the data before it is sent. The AI provider receives only the workout parameters and fitness metrics needed to generate recommendations.

You may withdraw your consent for AI-assisted personalization at any time through your account settings. Withdrawing consent may limit certain adaptive features of the app, such as natural language plan adjustments.

Lawful basis: Your consent; legitimate interests in improving the Services.

5. Cookies and Tracking Technologies

Our website (hosted on Squarespace) may use cookies and similar tracking technologies.

  • Essential cookies: Required for the website to function (session management, security). Cannot be disabled.

  • Analytics cookies: Used to understand visitor behavior. We use Google Analytics 4, which collects anonymized usage data.

  • Marketing cookies: Used to deliver relevant advertising and measure campaigns. Only set with your consent.

Squarespace may also set its own cookies. See Squarespace’s privacy policy for details.

When you first visit our website, you will see a cookie consent banner. You can accept or decline non-essential cookies. You can also manage preferences through your browser settings. Disabling certain cookies may affect website functionality.

Do Not Track: Some browsers send a Do Not Track signal. We currently do not respond to Do Not Track signals, but we honor cookie preferences set through our consent banner and browser settings.

6. Data Retention

  • Active accounts: We retain your data for as long as your account remains active.

  • Account deletion: When you request account deletion, we will delete or anonymize your personal data within 30 days. Certain data may persist in encrypted backups for up to 90 days before permanent removal.

  • Integration-sourced data: Data received from third-party integrations (Garmin, COROS, Whoop, Oura, Strava) is not retained longer than necessary for the reasonable operation of the Services. If you disconnect an integration, we stop importing new data. Previously imported data remains in your account unless you request deletion.

  • Legal obligations: We may retain certain records (e.g., billing records) as required by applicable law, even after account deletion.

  • Anonymized data: Fully anonymized data that cannot be linked back to you may be retained indefinitely for analytics and product improvement.

You may request deletion of your personal data at any time by contacting support@runfitcoach.com or through your account settings.

7. Data Sharing

We do not sell your personal data. We do not sell, license, or lease data received from any third-party integration to any party, including advertisers and data brokers, under any circumstances.

We may share your information with trusted third parties necessary to operate the Services:

  • Cloud hosting providers (e.g., AWS, Google Cloud)

  • Payment processors (e.g., Stripe, Apple, Google)

  • Communication and customer support platforms

  • CRM systems

  • Analytics and performance tools (e.g., Google Analytics)

  • Advertising partners (with your consent only, and never using integration-sourced data)

  • AI/ML service providers (with your consent, using only anonymized app-generated data as described in Section 4)

  • Legal and compliance advisors

Where required, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

We may disclose information where required by law or to protect the rights, safety, or property of RunFitCoach and its users.

These third-party service providers process your personal data on our behalf and in accordance with our instructions. They are contractually obligated to use your data only for the purposes of providing their services to RunFitCoach and to maintain appropriate security measures. They may not use your personal data for their own purposes.

Business Transfers

If RunFitCoach is involved in a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of that transaction. We will notify you via email or prominent notice within the app before your data is transferred and becomes subject to a different privacy policy. For data received from Oura, we will provide Oura with advance notice of such transaction as required by the Oura API Agreement.

8. Data Security

We use the following security measures to protect your personal data:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS).

  • Encryption at rest: Personal data stored on our servers is encrypted at rest using industry-standard encryption (AES-256 or equivalent).

  • Access controls: Access to personal data is restricted to authorized personnel who require access to provide the Services. All employees and contractors with data access are bound by confidentiality obligations.

  • Secure integrations: All third-party API integrations use OAuth 2.0 or equivalent secure authorization protocols. API credentials are stored securely and never exposed in client-side code.

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee the absolute security of your data.

If a data breach occurs that poses a significant risk to your rights and freedoms, we will notify appropriate authorities within 72 hours as required by applicable law, and will notify affected users without undue delay.

9. User Account Assistance Mode

In certain circumstances, and only at your explicit request and consent, a RunFitCoach employee may temporarily access your account for troubleshooting purposes. When activated: access is limited to authorized personnel; location and detailed health data will not be accessed; secure authentication controls are used; consent is required for each activation; access is logged and time-limited.

Contact support@runfitcoach.com with questions about this feature.

10. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.

  • Correction: Request correction of inaccurate or incomplete data.

  • Deletion: Request deletion of your personal data.

  • Restriction: Request that we restrict processing in certain circumstances.

  • Portability: Request a machine-readable copy of your data.

  • Object: Object to processing based on legitimate interests.

  • Withdraw consent: Withdraw consent at any time without affecting lawfulness of prior processing.

  • Automated decisions: Request human review of decisions made solely by automated processing.

  • Integration disconnection: Disconnect any third-party integration and request deletion of data imported through that integration.

To exercise your rights, contact support@runfitcoach.com. We will respond within 30 days (or within the timeframe required by applicable law). If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom data is shared.

  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.

  • Right to Correct: Request correction of inaccurate personal information.

  • Right to Opt Out of Sale or Sharing: We do not sell your personal data. We do not share personal data for cross-context behavioral advertising without your consent.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, contact support@runfitcoach.com. We will verify your identity before processing your request.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories as defined by the CCPA: identifiers (name, email, IP address); commercial information (subscription history); internet or electronic network activity (usage data, device information); geolocation data (GPS from opt-in workout tracking); health and fitness information (workout data, heart rate, FIT Score, fatigue/injury reports); and inferences drawn from the above (personalized training recommendations).

12. International Data Transfers

RunFitCoach is based in the United States. If you access the Services from outside the United States, your personal data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

Where personal data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

13. Children

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we become aware of such data, we will delete it promptly. Parents or guardians who believe their child has provided personal data should contact support@runfitcoach.com.

14. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before sharing data with them.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, by notification through the app or via email. Your continued use of the Services after changes are posted constitutes acceptance of the updated Privacy Policy.

16. Contact

If you have questions about this Privacy Policy or how your data is handled:

RunFitCoach

619 West Fullerton Parkway

Chicago, IL, United States

Email: Contact@runfitcoach.com