Legal
Privacy Policy
Last updated: March 2026
At iAppLabs, we are committed to protecting your privacy and personal data. This Privacy Policy explains what data we collect through the Runnr. platform, how we use and protect it, and your rights under the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Protecao de Dados (LGPD).
1. Data Controller
iAppLabs ("Company", "we", "us") is the data controller responsible for processing your personal data in connection with the Runnr. platform ("Service"). If you have questions about how your data is processed, contact our Data Protection team at privacy@iapplabs.com.
2. Information We Collect
We collect the following categories of personal data: (a) Account Data — email address, username, display name, and profile information provided during registration; (b) Fitness Data — run distances, times, pace, routes, and training history; (c) Payment Data — billing details processed securely through Stripe (we do not store full credit card numbers); (d) Usage Data — pages visited, features used, interactions, timestamps, and session duration; (e) Technical Data — IP address, browser type, operating system, device identifiers, and referring URLs; (f) Location Data — GPS data for route tracking (only when you actively record a run and grant permission); (g) Communication Data — messages, feedback, and support requests you send to us.
3. How We Use Your Information
We use your personal data to: (a) provide, maintain, and improve the Service; (b) track and display your running activities and progress; (c) populate leaderboards and crew statistics; (d) process payments and manage subscriptions; (e) send transactional communications (account confirmations, event reminders); (f) personalize training recommendations; (g) monitor and analyze usage trends; (h) detect and address fraud, security issues, and technical problems; and (i) comply with legal obligations. We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
4. Information Sharing
We share your personal data only in the following circumstances: (a) with your consent or at your direction; (b) with service providers who process data on our behalf (see Section 7); (c) to comply with legal obligations or regulatory requests; (d) to protect the rights, safety, or property of iAppLabs, our users, or the public; (e) in connection with a merger, acquisition, or sale of assets. Your public profile information, run statistics, and crew membership are visible to other users as part of the Service functionality. You can control the visibility of your runs in your privacy settings.
5. Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption in transit (TLS/SSL) and at rest, regular security assessments, access controls and authentication, and secure development practices. GPS and route data is encrypted both in transit and at rest.
6. Cookies & Tracking Technologies
Runnr. uses the following types of cookies: (a) Strictly Necessary Cookies — required for authentication, session management, and security; (b) Analytics Cookies — help us understand how you use the Service using privacy-friendly analytics; (c) Preference Cookies — remember your settings (e.g., unit preferences, theme). We do not use third-party advertising cookies or cross-site tracking. You can manage non-essential cookies through your browser settings.
7. Third-Party Services
We rely on trusted third-party service providers: (a) Stripe — payment processing (PCI DSS Level 1 compliant); (b) Supabase — authentication, database, and storage; (c) Vercel — hosting and content delivery; (d) Google Analytics — anonymized usage analytics (IP anonymization enabled); (e) Resend — transactional email delivery. Each provider is contractually bound to protect your data.
8. Your Rights (GDPR & LGPD)
You have the following rights: (a) Right of Access — request a copy of your personal data; (b) Right to Rectification — request correction of inaccurate data; (c) Right to Erasure — request deletion of your data ("right to be forgotten"); (d) Right to Data Portability — receive your data in a machine-readable format (including all run and fitness data); (e) Right to Restrict Processing; (f) Right to Object; (g) Right to Withdraw Consent. To exercise any of these rights, email privacy@iapplabs.com. We respond within 15 business days (LGPD) or 30 days (GDPR). You may also lodge a complaint with your local data protection authority.
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently erase your personal data within 30 days, except where retention is required by law. Your fitness and run history data will be included in the deletion. Anonymized, aggregated data may be retained indefinitely for analytics purposes. Backup copies may persist for up to 90 days after deletion.
10. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@iapplabs.com and we will promptly delete the information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or by sending you an email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or requests regarding this Privacy Policy or your personal data, please contact us at: iAppLabs — Data Protection Team — privacy@iapplabs.com. We aim to respond within 5 business days.