Privacy Policy

Effective date: March 8, 2026

1. Introduction

RunAwAI ("we," "our," or "us") is an AI-powered personal training app with 24/7 coaching for runners. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile application, website, and related services (collectively, the "Service").

By using RunAwAI, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

  • Email address, name, and phone number
  • Authentication credentials (managed securely via Supabase Auth)

Profile & Health Data

  • Fitness level, training experience, and goals
  • Height, weight, gender, and date of birth
  • Injury history and notes
  • Running preferences (preferred distances, race goals, pace targets)

Location Data

  • Home location and trip destinations
  • Real-time coordinates during check-ins
  • GPS routes from running activities

Fitness & Workout Data

  • AI-generated training plans and workout schedules
  • Workout history, heart rate, pace, distance, and calories
  • Activity data synced from connected services (e.g., Strava)

Nutrition Preferences

  • Food preferences, dietary restrictions, and meal budget
  • AI-generated meal recommendations

Chat & Check-in Data

  • Conversation history with the AI coaching assistant
  • Daily check-in responses including mood, sleep, soreness, and other factors

Device & Usage Data

  • Device type, operating system, and app version
  • Usage patterns and feature interactions

3. Third-Party Integrations & Data Sharing

We integrate with the following third-party services to provide our features. Data is shared only as necessary to deliver the Service:

Strava

When you connect your Strava account via OAuth, we access your athlete profile, activity history, and route data. We use this to personalize your training plans. You can disconnect Strava at any time from your app settings. We do not post to Strava on your behalf without your explicit consent.

Garmin

We generate and export workout plans as FIT files compatible with Garmin devices. Workout structure data is formatted for Garmin compatibility but is generated entirely within RunAwAI.

Google Gemini AI

To generate personalized training plans, meal recommendations, and AI coaching responses, we send relevant user context to Google's Gemini API. This may include your profile information, preferences, workout history, location, weather conditions, and conversation history. See Section 5 for more details.

OpenWeatherMap

We send geographic coordinates (latitude and longitude) of your home location and trip destinations to OpenWeatherMap to retrieve weather forecasts that inform your training plans.

Supabase

Our database and authentication infrastructure is hosted on Supabase. All user data is stored in Supabase PostgreSQL with Row Level Security (RLS) enabled to ensure data isolation between users.

Google OAuth

If you choose to sign in with Google, we receive your basic profile information (name and email) from Google to create or link your account.

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

4. How We Use Your Data

We use the information we collect to:

  • Generate personalized, AI-powered training plans tailored to your fitness level, goals, and daily schedule
  • Provide adaptive daily coaching and check-in recommendations
  • Suggest running routes appropriate for your destination and preferences
  • Create meal recommendations based on your dietary needs and budget
  • Track your performance and progress over time
  • Sync and integrate data from connected fitness platforms
  • Export workouts to compatible devices and formats
  • Improve our AI models and service quality
  • Communicate important updates about the Service

5. AI Data Processing

RunAwAI uses Google's Gemini AI to power plan generation, coaching chat, and recommendations. When you interact with these features, relevant personal data is sent to Google's Gemini API as context for generating responses.

This data may include:

  • Your profile information (fitness level, age, goals, injury history)
  • Training preferences and workout history
  • Trip details (destination, dates, timezone)
  • Weather data for your locations
  • Conversation history for contextual coaching
  • Check-in data (mood, sleep, soreness)

Your data is sent to the Gemini API solely for generating responses to your requests. According to Google's API data usage policies, data sent via the API is not used to train Google's general AI models. We do not use your personal data to train our own AI models.

6. Data Storage & Security

We take the security of your data seriously and employ the following measures:

  • All data is stored in Supabase PostgreSQL with Row Level Security (RLS) enforced at the database level
  • Authentication uses JWT tokens signed with RS256 and verified via Supabase JWKS
  • All communications are encrypted in transit via HTTPS/TLS
  • Authentication tokens are stored securely on your device using platform-native secure storage
  • API rate limiting is in place to prevent abuse
  • Third-party OAuth tokens (e.g., Strava) are encrypted before storage

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service. If you disconnect a third-party integration (e.g., Strava), we perform a soft delete of the associated synced data, which may be permanently removed after a reasonable retention period.

If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data
  • Data Portability — Request your data in a structured, machine-readable format
  • Withdraw Consent — Withdraw consent for data processing where consent is the legal basis
  • Restrict Processing — Request that we limit how we use your data
  • Object — Object to processing of your data for certain purposes

To exercise any of these rights, please contact us using the information in Section 11. We will respond to your request within 30 days.

9. Children's Privacy

RunAwAI is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective date" at the top of this page and, where appropriate, through in-app notifications or email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@runawai.app