Privacy Policy

RUNSTR operates on a privacy-first principle. We specifically do not collect:

• Personal identifying information (name, address, phone number)
• Financial information or payment details
• Health records or medical data
• Location tracking beyond activity sessions
• Device contacts or personal communications
• Biometric data or detailed health metrics

RUNSTR operates without traditional user accounts, which means:

• No passwords or login credentials to manage
• No persistent user profiles linked to personal information
• Reduced risk of data breaches affecting personal accounts
• Complete anonymity in your fitness tracking

To provide our competitive fitness platform, we process only essential activity metrics:

• Distance: Miles or kilometers covered during activities
• Speed & Pace: Performance metrics for challenges
• Steps: Step count for walking and running activities
• Duration: Time spent on activities
• Activity Type: Running, walking, or cycling classification

This data is used solely for challenge participation, leaderboards, and competition features.

You have comprehensive rights regarding your data under applicable privacy laws:

• Right to Access: View all data we have about you
• Right to Delete: Remove your activity data instantly through the app at any time
• Right to Export: Download your data in standard formats (JSON, CSV)
• Right to Rectification: Correct any inaccurate data
• Right to Withdraw Consent: Stop data processing for any optional features
• Right to Data Portability: Transfer your data to other services
• Right to Object: Opt out of data processing for specific purposes
• Right to Restrict Processing: Limit how we use your data

Additional Data Control Features:

• No Local Storage Recommendation: We recommend against storing data locally on your device for enhanced privacy
• Temporary Processing: Activity data is processed only for active challenges and competitions
• Instant Deletion: All data removal requests are processed immediately

When you choose to share achievements on social media, we only share:

• Public activity metrics (distance, speed, pace, steps)
• Challenge completion status
• Achievement badges and milestones

Important: Social media sharing is entirely optional and controlled by you. No data is shared without your explicit consent for each post.

This Privacy Policy complies with applicable data protection laws including:

• General Data Protection Regulation (GDPR) for EU users
• California Consumer Privacy Act (CCPA) for California residents
• Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users
• Australian Privacy Principles (APP) for Australian users
• Other applicable regional data protection laws based on your location

Even with minimal data collection, we protect what we process using industry-leading security measures:

• AES-256 encryption for all data transmission and storage
• TLS 1.3 protocol for secure communication
• Nostr protocol integration with cryptographic key management for decentralized data sharing
• Local private key handling - your cryptographic keys never leave your device
• No persistent storage of sensitive information on our servers
• Regular security audits and penetration testing
• Zero-knowledge architecture where technically possible

RUNSTR integrates with various services only when you explicitly connect them. Each integration has specific privacy implications:

🏃‍♂️ Fitness Tracking Integrations

• Apple Watch: Activity data sync (coming soon) - follows Apple's HealthKit privacy policy
• Garmin: Fitness tracking integration (coming soon) - governed by Garmin's privacy policy
• Strava: Activity import capabilities (planned) - subject to Strava's data sharing terms

📱 Social Media Platforms

• Twitter/X: Achievement sharing - governed by X's privacy policy
• Instagram: Progress posts - subject to Meta's data policy
• Facebook: Community features - follows Meta's privacy terms

🔗 Nostr Protocol Integration

• Decentralized Sharing: Your achievements can be shared to Nostr relays
• Cryptographic Keys: Your Nostr private keys are generated and stored locally on your device only
• Relay Privacy: Data shared to Nostr relays follows the privacy policies of individual relay operators
• Content Control: You control what activity data is published to the Nostr network

💰 Future Wallet Integrations

• Lightning Network: For instant prize payments - no personal financial data stored by RUNSTR
• Bitcoin Wallets: Direct integration for earnings - your wallet addresses remain private
• Cryptocurrency Exchanges: Optional integrations for prize conversion - subject to exchange privacy policies

Important: All third-party integrations require your explicit consent and can be disconnected at any time. We do not share your data with these services beyond what is necessary for the specific feature you've chosen to use.

RUNSTR is designed for users 13 years and older. We do not knowingly collect data from children under 13. If you're a parent and believe your child has used RUNSTR, please contact us immediately.

In the unlikely event of a security incident affecting your data:

• Immediate Response: We will assess and contain any security incidents within 24 hours
• User Notification: Affected users will be notified through the RUNSTR app within 72 hours
• Transparency Report: We will publish a public incident report detailing what happened and our response
• Regulatory Compliance: All relevant authorities will be notified as required by law
• Remediation: We will provide clear steps for users to protect themselves and their data

We may update this privacy policy to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last Modified" date. For significant changes, we will notify users through the app. Continued use of RUNSTR after changes indicates acceptance of the updated policy.

Questions about privacy or data practices? We're here to help:

• Visit our Contact Page
• Submit a Privacy Concern Report
• Join our Community Discussions