Privacy Policy

1. Who We Are

RunnersDNA is operated by BobCreativeCopySRL SRL, a company registered in Romania (CUI: RO39386811), with registered address at Strada Lungă nr. 139, 500050, Brașov, Romania.

Contact: privacy@runnersdna.app

2. What This Policy Covers

This Privacy Policy explains how RunnersDNA collects, uses, stores, and protects your personal data when you use our platform at runnersdna.app. It applies to all users of our web and mobile application.

By using RunnersDNA, you agree to the practices described in this policy.

3. Data We Collect

3.1 Data You Provide Directly

• Name, email address, and password (during account registration)
• Age, weight, and running experience (during onboarding)
• Goal races and training preferences

3.2 Data From Connected Platforms

Strava (via OAuth connection)
When you connect your Strava account, we access:

• Running activity history (pace, heart rate, distance, elevation, moving time)
• Activity routes and GPS data
• Gear information
• Personal records and race history

We access only the data necessary to compute your performance profile. We do not post to Strava on your behalf.

Garmin Connect (via OAuth connection)
When you connect your Garmin account, we access:

• Health metrics: VO2 Max, HRV, resting heart rate, SpO2
• Wellness data: sleep score, sleep duration, daily stress levels, Body Battery
• Activity metrics: cadence, ground contact time, vertical oscillation, running power, training effect
• General wellness: daily steps, intensity minutes, calories

We access only data you have authorized through Garmin's consent flow. This data is used exclusively to generate your personal Runner DNA profile and is never shared with third parties.

Garmin Connect (CSV Upload)
If you choose to manually export and upload a health summary CSV from Garmin Connect, we process this file to extract the same health metrics described above. The raw file is deleted after processing.

3.3 Third-Party Data

Weather data: We enrich your activity history with historical weather conditions (temperature, precipitation) using public weather APIs, to provide context for your performance data.

3.4 Automatically Collected Data

• IP address and device type (for security and analytics)
• Session data and usage logs
• Error reports (via Sentry, anonymized)

4. How We Use Your Data

We use your data exclusively to provide and improve the RunnersDNA service.

We do not use your data for advertising. We do not sell your data to third parties. We do not use your raw activity data to train machine learning models.

Your Garmin and Strava activity data is processed by our computation engine to produce numerical performance scores. Only these computed outputs — never your raw activity or health data — are passed to AI inference systems for interpretation and narrative generation.

5. Data Storage and Security

• All data is stored on servers within the European Union.
• Database: PostgreSQL, hosted on Railway (EU region).
• Data in transit is encrypted using TLS 1.2 or higher.
• Access to production data is restricted to authorized team members only.
• Passwords are hashed using bcrypt and are never stored in plain text.
• We perform regular security reviews and apply security patches promptly.

6. Data Sharing

We share data only with the following categories of processors, strictly to operate the platform:

For processors outside the EU, we rely on Standard Contractual Clauses (SCCs) as the legal transfer mechanism under GDPR Article 46.

7. Data Retention

When you delete your account, all personal data is permanently deleted within 30 days, except where retention is required by law.

8. Your Rights Under GDPR

As a data subject under EU/Romanian law, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your personal data.
• Right to restriction: Request that we limit processing of your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@runnersdna.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) at anspdcp.ro.

9. Connected Platform Permissions

Strava: You can revoke RunnersDNA's access to your Strava data at any time from Strava Settings → My Apps. Revoking access will stop new data from syncing. Existing computed data in your profile will remain until you delete your account.

Garmin Connect: You can revoke RunnersDNA's access to your Garmin data at any time from Garmin Connect → Connected Apps. Revoking access will stop new data from syncing. Existing computed data in your profile will remain until you delete your account.

10. Children's Privacy

RunnersDNA is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at privacy@runnersdna.app and we will delete it promptly.

11. Cookies and Tracking

RunnersDNA uses only essential cookies required for authentication and session management. We do not use third-party advertising cookies or tracking pixels. You can control cookie preferences through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a banner in the application at least 14 days before the changes take effect.

Continued use of RunnersDNA after the effective date of changes constitutes acceptance of the updated policy.

13. Contact

BobCreativeCopySRL SRL
Email: privacy@runnersdna.app
Website: runnersdna.app