Privacy Policy

Effective date: 9 May 2026

Last updated: 9 May 2026

This Privacy Policy explains how Runmo Labs s.r.o. ("Runmo", "we", "us", or "our") collects, uses, and protects your personal data when you use the Runmo mobile application (the "App") and the website at runmo.app (the "Site"), together the "Service".

We have written this policy to be as clear as we can. Where we use defined terms from the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") or Czech Act No. 110/2019 Coll. on Personal Data Processing, we have tried to explain them in plain language as well.

1. Who we are

The data controller for your personal data is:

Runmo Labs s.r.o.
IČO: 22240152
DIČ: CZ22240152
Příčná 1892/4, Nové Město (Prague 1), 110 00 Prague, Czech Republic

You can reach us about anything in this policy at support@runmo.app.

We are a small company and have not appointed a Data Protection Officer (DPO), as we are not legally required to do so. The contact email above is monitored and will reach the people responsible for privacy at Runmo.

2. Privacy at a glance

We have built Runmo with a local-first approach. Most of your data (your runs, your routes, your heart rate, your training plans, your notes) lives on your device and in your personal Apple iCloud. We do not run a database that stores your runs or your health data on our servers.

In practice this means:

Your runs and health data stay on your device. We sync them between your devices using your own iCloud account. We cannot read them.
The AI coach is the one exception. When you ask the AI coach for a briefing, a plan, or a post-run analysis, we send a small, carefully limited summary of your training data to Anthropic, our AI provider, so it can generate a response. We never send your name, your email, your GPS coordinates, your routes, or the raw second-by-second readings from your watch.
Analytics are anonymous. We use a privacy-respecting analytics service (TelemetryDeck) that does not identify you and does not use cookies or advertising IDs.
We do not sell your data, ever. We do not run advertising, we do not share your data with data brokers, and we do not allow third-party advertising or behavioural tracking inside the App.

The rest of this policy goes through each of these in detail.

3. The data we process

3.1 Account information

When you create a Runmo account we use Sign in with Apple. This means:

Apple gives us a stable, anonymous user identifier.
You can choose whether to share your real email address or use Apple's private relay address.
You can choose what name (if any) to share with us.

We store the identifier and whatever you chose to share with us. We do not collect a password, Apple handles authentication.

3.2 Profile and onboarding choices

During onboarding and inside the App you may tell us:

Your training goal (e.g. distance target, race date)
Your experience level
Your preferred number of runs per week
Your preferred units (km or miles)
Your training preferences

This information is stored on your device and synced to your personal iCloud. It is not stored on a Runmo database.

3.3 Health and activity data

With your explicit permission, Runmo reads the following data from Apple HealthKit:

Workouts, including running workouts and their routes
Heart rate and resting heart rate
Heart rate variability (HRV)
Distance and active energy
Running stride length, ground contact time, and (on iOS 16+) running power
VO₂ max
Step count
Height and date of birth (for heart-rate-zone calculations)
Sleep analysis
(On iOS 18+) Workout effort scores

If you enable it, Runmo can also write a workout effort score back to HealthKit when you rate one of your runs.

HealthKit data is treated as a special category of personal data ("data concerning health") under Article 9 GDPR, which means we only process it when you have given us your explicit consent through the iOS HealthKit permission prompts. You can withdraw this consent at any time in iOS Settings → Health → Data Access & Devices → Runmo.

HealthKit data is read on your device and never leaves your device or your iCloud, except in the specific aggregated form described in section 3.5 below, when you use the AI coach.

3.4 Routes (GPS data)

When you record runs in another app (such as Apple Fitness or a third-party watch app) and they save a workout route to HealthKit, Runmo can read that route to display it to you on a map.

GPS routes are processed entirely on your device. We never send GPS coordinates, route polylines, or any location-derived data to our servers, to Anthropic, or to any other third party.

3.5 Data sent to the AI coach

If your Runmo subscription includes the AI coach and you use it, we send a request to our coach API (hosted on Vercel at api.runmo.app), which relays it to Anthropic for AI inference. We have designed the request format to send the minimum data necessary for the coach to be useful.

The exact contents are documented in our source code as a privacy invariant. A request to the AI coach never contains:

GPS coordinates, exact or bucketed
Route paths or polylines
Run names, titles, or any free text you have not explicitly chosen to share with the coach
Your name, email, Apple ID, or any device identifier
Raw heart-rate time series
Raw sleep numbers
Raw HRV or resting heart rate values

A request to the AI coach does contain the following, in aggregated form:

Distance, pace, and heart-rate averages for past runs
Time spent in heart-rate zones, weekly totals, and similar summary statistics
Short categorical labels (for example, "improving", "cold", "injury:calf")
Metadata about your training plan (plan ID, dates, the AI's own descriptions of sessions)
Calendar dates only, never times of day, unless the field is specifically about time of day (for example, "morning")
AI-authored memory summaries of past coach interactions, capped at 140 characters each
Questions and answers from the in-app coach dialogue
Local weather data (a bucketed label and a rounded temperature)
The text of a health note only when you have explicitly toggled "share with coach" on that note

Each request to our coach API is signed using Apple App Attest, which proves the request comes from a genuine, unmodified Runmo install on a real Apple device. We do not link App Attest device identifiers back to your account.

3.6 Subscription information

Runmo offers an auto-renewing premium subscription, billed through Apple.

When you subscribe:

Apple processes the payment. We do not see, store, or have access to your payment card details.
Apple tells our App, via StoreKit, that you have an active entitlement to premium features.
We store this entitlement status locally on your device so the App knows what features to unlock.

For information about how Apple handles your payment information, please see Apple's Privacy Policy.

3.7 Analytics

We use TelemetryDeck for product analytics. TelemetryDeck is a Swiss/German analytics service designed specifically to be GDPR-compliant. It does not use cookies, does not assign tracking IDs, and does not collect personally identifying information.

Each analytics event we send is a short string (for example, app.session_start, coach.plan_generation_succeeded) and a small set of categorical parameters. Numeric values are bucketed to prevent fingerprinting (for example, we record a heart-rate bucket like "170–184", not your actual maximum heart rate).

We never send personal identifiers, free-text input, run names, locations, or raw health values to TelemetryDeck. You can read TelemetryDeck's privacy practices at telemetrydeck.com/privacy.

3.8 Crash and diagnostic data

If you have agreed to share diagnostics with Apple in iOS Settings, Apple will send anonymized crash reports from Runmo to us through App Store Connect. We use these reports only to find and fix bugs.

3.9 Communications with us

If you email us at support@runmo.app, we will receive your email address and the contents of your message. We use this to respond to your enquiry and keep a record of the support conversation.

4. Why we process your data; on what legal basis

Under the GDPR, we must have a legal basis for every type of processing. Here is ours.

What We Do

Why we do it

Legal basis

Run your account, sync your data, show you the App

To perform our contract with you (these Terms)

Article 6(1)(b) GDPR — performance of a contract

Read HealthKit data on your device

To compute your training metrics, plan, and coach output

Article 6(1)(b) and Article 9(2)(a) GDPR — your explicit consent (granted via the HealthKit prompt)

Send aggregated training data to the AI coach (Anthropic)

To generate your coach output

Article 6(1)(b) GDPR — performance of a contract; Article 9(2)(a) — your explicit consent, given by enabling the coach

Process your subscription

To bill you (via Apple) and unlock premium features

Article 6(1)(b) GDPR — performance of a contract; Article 6(1)(c) — legal obligation (tax, accounting)

Send anonymous product analytics via TelemetryDeck

To understand which features are working and where the App needs improvement

Article 6(1)(f) GDPR — our legitimate interest in improving the Service. We have balanced this against your interests; the data is anonymous and bucketed. You can opt out — see section 8.

Receive crash reports from Apple

To find and fix bugs

Article 6(1)(f) GDPR — our legitimate interest in providing a working App

Reply to support email

To handle your enquiry

Article 6(1)(b) GDPR — performance of our contract; Article 6(1)(f) — legitimate interest in supporting users

Comply with legal obligations (tax, fraud prevention, lawful requests)

Because we have to

Article 6(1)(c) GDPR — legal obligation

Where we rely on consent (HealthKit, the AI coach), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Who we share your data with

We do not sell your personal data. We share it only with the following categories of recipient:

5.1 Apple (Apple Inc. / Apple Distribution International Limited)

Apple acts as data controller in its own right for:

App Store distribution and your subscription billing
Sign in with Apple
App Attest (used to verify our API requests come from real Runmo installs)
iCloud / CloudKit (used to sync your Runmo data between your own devices)
WeatherKit (used to fetch weather context for the coach)
HealthKit (your health data, on your device)

Apple processes this data under its own privacy policy: apple.com/legal/privacy.

5.2 Anthropic (Anthropic PBC) — AI processor

When you use the AI coach, Anthropic processes the limited request payload described in section 3.5 in order to generate the AI response. Anthropic acts as our processor under a data-processing agreement and does not use your data to train its models.

Anthropic's privacy policy: anthropic.com/legal/privacy.

5.3 Vercel (Vercel Inc.) — hosting

Our coach API is hosted on Vercel. Vercel processes the request as it transits to and from Anthropic. Vercel acts as our processor.

Vercel's privacy policy: vercel.com/legal/privacy-policy.

5.4 Upstash (Upstash, Inc.) — rate limiting

We use Upstash Redis to rate-limit our coach API and to store the App Attest counter that prevents replay attacks. Upstash holds short-lived rate-limit counters and a small, opaque attest record per device. It does not receive your name, email, training data, or any of the contents of an AI request. Upstash acts as our processor.

Upstash's privacy policy: upstash.com/trust/privacy.pdf.

5.5 TelemetryDeck (TelemetryDeck GmbH) — analytics

As described in section 3.7. TelemetryDeck acts as our processor.

5.6 Professional advisers and authorities

We may share your data with our accountants, lawyers, or auditors when we need professional advice; with public authorities when we are legally required to do so; and with a successor entity if we ever sell or restructure the company. In each case the recipient is bound to keep your data confidential.

6. International transfers

Some of our processors are based outside the European Economic Area (EEA), in particular:

Anthropic processes requests in the United States.
Vercel processes requests in the region we deploy to; some Vercel infrastructure is in the United States.
Apple processes data in multiple regions globally.
Upstash processes data in the EU region for our deployment.
TelemetryDeck processes analytics in the EU.

Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or, where available, an adequacy decision (for example, the EU–US Data Privacy Framework for certified US-based processors). Copies of the relevant safeguards are available from us on request.

7. How long we keep your data

Under the GDPR, we must have a legal basis for every type of processing. Here is ours.

Data

Retention

Data on your device and in your iCloud

For as long as you keep the App installed and the data in your iCloud. Deleting the App or your iCloud data deletes it.

Account record (your Apple Sign-In identifier on our side)

For as long as you have an account, then deleted within 30 days of you asking us to delete it.

AI coach requests

We do not log the contents of AI coach requests on our servers. Anthropic's retention applies to inference logs and is described in their policy.

Rate-limit counters and App Attest records on Upstash

Short TTL (typically 1 hour for rate-limit counters, longer for App Attest records). Automatically expired.

Analytics events on TelemetryDeck

TelemetryDeck's standard retention applies.

Apple subscription records

Held by Apple under Apple's policies.

Tax and accounting records (invoices, etc.)

10 years from the end of the relevant accounting period, as required by Czech Act No. 563/1991 Coll. on Accounting.

Support emails

Up to 3 years from your last contact, then deleted.

8. Your rights

Under the GDPR you have the following rights, which you can exercise by emailing support@runmo.app:

Access — you can ask us for a copy of the personal data we hold about you (Article 15).
Rectification — you can ask us to correct data that is wrong or incomplete (Article 16).
Erasure — you can ask us to delete your data (Article 17). Note that we cannot delete data we do not hold, including data on your device and in your iCloud, which only you control.
Restriction — you can ask us to limit how we use your data (Article 18).
Portability — you can ask us for your data in a machine-readable format (Article 20).
Objection — you can object to processing based on legitimate interests, including our analytics (Article 21).
Withdraw consent — where we rely on your consent, you can withdraw it at any time (Article 7(3)).
Not be subject to automated decisions — we do not make solely automated decisions that produce legal or similarly significant effects on you (Article 22). The AI coach generates suggestions, not decisions about you.

We will respond to your request within one month, or tell you why we need longer (up to two further months).

You can also opt out of analytics at any time inside the App, in Settings → Privacy → Analytics.

If you believe we have mishandled your personal data, you have the right to complain to the Czech Data Protection Authority, the Úřad pro ochranu osobních údajů (ÚOOÚ):

Úřad pro ochranu osobních údajů
Pplk. Sochora 27, 170 00 Praha 7
Telephone: +420 234 665 111
Web: uoou.gov.cz

You may also contact the supervisory authority in your EU country of residence.

9. Children

Runmo is not intended for users under the age of 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a child under 16 has used Runmo, please contact us at support@runmo.app and we will delete the relevant data.

10. Security

We protect your data using a combination of measures appropriate to the risk:

End-user device security. Most of your data lives on your device and is protected by Apple's device-level security (passcode, Face ID/Touch ID, file-system encryption) and your iCloud account.
Transport security. All communication between the App and our coach API uses TLS 1.2 or later.
Request integrity. Every coach API request is cryptographically signed with Apple App Attest, which prevents replay and tampering.
Data minimisation. We do not store the contents of AI coach requests on our servers, and we do not maintain a database of user training data.
Access controls. Only a limited number of people at Runmo have access to our infrastructure, with multi-factor authentication required.

No system is perfectly secure. If we ever discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the ÚOOÚ within 72 hours and notify you without undue delay where required.

11. Cookies and tracking on runmo.app

Our website at runmo.app uses only essential technical cookies needed to load the page. We do not use advertising cookies, analytics cookies, or any third-party tracking on the website. If this changes in future, we will update this policy and ask for your consent before placing any non-essential cookies.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you through the App and update the "Last updated" date at the top of this policy. We will keep previous versions available on request.