Last updated: October 23, 2025

What We DON'T Collect

RUNSTR operates on a radical privacy-first model. Here's what makes us different:

No User Accounts

  • No registration required - no email, no username, no password
  • No personal information collected or stored on our servers
  • No user database - we literally cannot track who you are
  • Your Nostr identity is pseudonymous and controlled entirely by you

No Centralized Data Storage

  • All workout data is stored locally on your device
  • We cannot access your fitness data - it never leaves your device unless you broadcast it
  • Apple HealthKit data stays on your device (read-only integration)
  • No cloud sync, no backups to our servers

What We Technically See (Only If You Choose to Share)

  • Public Nostr events you broadcast (workouts, team posts, competition entries)
  • Lightning payment invoices you create or pay (pseudonymous, no personal info)
  • Anonymous app crash reports (no identifying information)

You Are In Complete Control

Your data never leaves your device unless YOU explicitly choose to broadcast it to Nostr or social media. We have no servers storing your personal information, no user database, and no ability to access your workout data.

How Your Data Works

RUNSTR operates differently from traditional fitness apps. Here's what actually happens:

Local-First Architecture

  • Workout Tracking: All data stored locally on your iPhone - we never see it
  • Apple HealthKit: Optional read-only access to import workouts (stays on your device)
  • Your Choice to Share: Only when YOU click "Post" or "Save to Nostr" does data leave your device

When You Choose to Broadcast

  • Nostr Publishing: Workouts you post become public Nostr events anyone can see
  • Competition Entries: When you join events, your performance data is published to verify results
  • Team Interactions: Messages and posts to teams are broadcast via Nostr relays
  • Social Sharing: Posts to social media are sent directly from your device

Lightning Payments

  • Non-Custodial: We never hold your Bitcoin or see your wallet balance
  • Peer-to-Peer: Payments go directly between users via Lightning Network
  • No Payment History: We can't track your transaction history

What We Absolutely Cannot Do:

  • Access workouts you haven't chosen to broadcast
  • See your Apple Health data
  • Track your location or activity without your explicit action
  • Sell your data (we don't have any personal data to sell)
  • Share information with advertisers (we don't collect it)
  • Build a profile about you (no user database exists)

Data Security & Storage

Since we don't collect your data, security is handled differently:

Local-First Security Model

  • No Central Database: We have no servers storing your personal workout data
  • Device Security: Your data is protected by your iPhone's security (Face ID, passcode, encryption)
  • No Data Breaches: Since we don't store personal data, there's nothing for hackers to steal
  • You Control Backups: Use iCloud or iTunes backup for your workout data

Nostr Security

  • Cryptographic Keys: Your Nostr identity is secured by private keys you control
  • Decentralized: No single point of failure - data is distributed across relay servers
  • Pseudonymous: Your identity is a public key, not your real name
  • You Own Your Identity: Take your Nostr key to any compatible app

Payment Security (Bitcoin/Lightning)

  • Non-Custodial: We never hold your Bitcoin or see private keys
  • Lightning Privacy: Payments are pseudonymous and routed privately
  • No Financial Data: No bank accounts, credit cards, or personal payment info collected
  • Direct Peer-to-Peer: Sats flow directly between users via Lightning Network

The Most Secure Data is Data We Don't Have

Traditional apps secure your data in their databases. We took a different approach: we don't collect it in the first place. Your workout data stays on your device, secured by Apple's encryption and your device passcode.

Third-Party Services & Integrations

RUNSTR integrates with privacy-respecting services. Here's what connects to your device:

Apple HealthKit (Optional)

  • Read-Only Access: We can import your workouts, but cannot write data to Health
  • Stays Local: HealthKit data never leaves your device
  • Your Permission Required: You grant access through iOS settings
  • Can Be Revoked: Turn off access anytime in iPhone Settings → Privacy → Health

Nostr Network (Decentralized Protocol)

  • No Company Owns It: Nostr is an open protocol, not a company or service
  • Relay Servers: Your public posts are distributed across independent relay servers
  • Pseudonymous: Your identity is a cryptographic key, not personal information
  • You Control Your Keys: Your Nostr identity is portable to any compatible app
  • Public by Design: Anything you post to Nostr is public and permanent

Lightning Network (Bitcoin Payments)

  • Peer-to-Peer: Direct payments between users, no intermediary
  • Non-Custodial: Connect your own Lightning wallet (we never hold funds)
  • Private Routing: Payment paths are obscured for privacy
  • No KYC Required: No identity verification for Bitcoin payments

App Analytics (Minimal & Anonymous)

  • Crash Reporting Only: Anonymous error logs to fix bugs
  • No Tracking: No user behavior tracking or analytics
  • No Identifiers: Reports contain no personal information

No Hidden Trackers

We don't use Facebook Pixel, Google Analytics, advertising SDKs, or any tracking technology. The only data that leaves your device is what you explicitly choose to broadcast to Nostr or send via Lightning payments.

Your Rights & Control

Because your data lives on your device, you have complete control:

What You Can Do

  • Delete Everything: Simply delete the app - all local data goes with it
  • Export Your Data: Your workout data is stored in standard formats on your device
  • Backup Your Data: Use iCloud or iTunes backup (it's your device, your choice)
  • Take Your Identity: Your Nostr keys work with any compatible app
  • Stop Broadcasting: Just don't click "Post" or "Save to Nostr" - data stays local

What We Can't Do (Even If We Wanted To)

  • Access your locally stored workouts
  • See what you haven't chosen to broadcast
  • Delete your Nostr posts (they're on decentralized relays, not our servers)
  • Recover your Nostr private keys (you control them)
  • Track your activity without your permission

Nostr Data Considerations

  • Public & Permanent: Once you broadcast to Nostr, it's public and can be stored by any relay
  • Can't Be Deleted: Nostr is decentralized - we can't remove data from all relays
  • Think Before You Post: Only broadcast workouts you're comfortable being public
  • You Own Your Keys: Control your Nostr identity across all compatible apps

True Data Sovereignty

Unlike other apps where you "request" your data or "ask" for deletion, with RUNSTR you already have your data - it's on your device. No requests needed, no waiting periods, no approval required. Want to delete everything? Delete the app. It's that simple.

Questions About Privacy?

We're happy to explain our privacy-first approach in more detail. While we can't access your data (because we don't have it), we're always available to clarify how the app works.

Privacy-First by Design

This isn't just a privacy policy - it's how RUNSTR was built from day one. Your data stays on your device because that's the only way to guarantee true privacy. No exceptions, no backdoors, no "trust us."

Questions? Email us at privacy@runstr.club