PriV  cy Policy

RunStrong Privacy Policy
Last updated: 2025-09-28

Introduction
RunStrong, operated by Aether Technologies LLC ("RunStrong," "we," "us," or "our"), provides a mobile application and related services that help you follow training programs, log workouts, and access instructional content. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the RunStrong app, our websites, and any services that link to this policy (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Services.

Summary
- What we collect: Account details (e.g., email, name), training logs (e.g., your run/plyo/lift entries, notes, and feelings you choose to record), purchase and subscription records, app usage metrics (time in app), and basic device/network info. We do not collect precise GPS location or your contacts. We do not receive your full payment card details.
- Why we collect it: To provide and secure the Services, personalize training experiences, process purchases and subscriptions, communicate with you, and meet legal obligations.
- How we share: With service providers (e.g., cloud hosting, email, payments, authentication), with your consent, for legal compliance, or as part of business transfers. We do not sell personal information and we do not share it for cross‑context behavioral advertising.
- Your choices: Access, correction, deletion, portability, and other rights described below. You can delete your account in‑app under Profile → Delete Account or by contacting us.

Scope and Controller
This policy applies to the RunStrong iOS/Android app and any website pages we operate that link to it. Aether Technologies LLC is the data controller for personal information processed in connection with the Services. References to "coaches" include RunStrong coaches and founders (including Braden) acting on our behalf.

Information We Collect
1) Information you provide directly
- Account and profile: Email, password (stored as a salted hash), first and last name.
- Training logs and content you add: Daily check‑ins for runs/plyos/lifts, notes, workout details (e.g., distance, pace, weather, reps, perceived effort), and completion status. If you upload or submit media or links (e.g., to videos), we store the content you provide.
- Purchases and subscriptions: Programs purchased, subscription tier, start/end dates, and related metadata needed to provide access.
- Communications: Messages you send to support, verification codes, and password reset requests.

2) Information we collect automatically
- Usage metrics: Foreground app usage time (seconds in app), basic event timing, and similar operational telemetry used to improve reliability and user experience. We do not use third‑party analytics SDKs for behavioral advertising.
- Device and network data: IP address, device/OS information, app version, and diagnostics (e.g., server logs) used for security, troubleshooting, and fraud prevention.
- Cookies and similar technologies (web only): If you use our websites, we may use cookies or local storage for session management and preferences.

3) Information from third parties
- Authentication partners: If you choose Google Sign‑In, we receive basic profile information (e.g., email, name) from Google to create or sign you into your account.
- Payment and app stores: We receive limited information from Apple, Google, and/or Stripe to confirm purchases, manage subscriptions, and provide access. We do not receive your full payment card number from these providers.
- Cloud and infrastructure providers: We use cloud hosting and storage (e.g., Amazon Web Services) to operate the Services.

How We Use Information
- Provide, operate, and maintain the Services, including training programs, content, and workout logging.
- Authenticate users, process purchases and subscriptions, and provide account support.
- Personalize and improve the Services, including product development and feature optimization.
- Communicate with you about your account, transactions, updates, and security notices.
- Monitor and protect the Services, including preventing fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our terms and policies.

Legal Bases for Processing (EEA/UK Users)
Where applicable, we rely on the following legal bases:
- Contract: To provide the Services you request (e.g., account, access to purchased programs, workout logging).
- Legitimate interests: To secure and improve the Services, prevent fraud, and understand usage (balanced against your rights).
- Consent: Where required for specific optional activities (e.g., certain marketing communications).
- Legal obligations: To comply with laws and enforce our agreements.

How We Share Information
- Service providers and processors: We share information with vendors that support our operations (e.g., cloud hosting/storage, email delivery, authentication, payments and app stores). They may access personal information only to perform services for us and must protect it under contract.
- Coaches/affiliates acting on our behalf: To deliver training content and support the Services.
- Legal, safety, and compliance: We may disclose information to comply with law, legal process, or governmental requests; to enforce agreements; or to protect the rights, property, or safety of RunStrong, our users (including coaches such as Braden), or the public.
- Business transfers: In connection with a merger, acquisition, financing, or sale of assets, your information may be transferred. We will notify you of any material changes in ownership or control affecting your information.
- No sale or cross‑context ad sharing: We do not sell personal information or share it for cross‑context behavioral advertising.

Your Choices and Rights
- In‑app controls: You can review or delete your account from Profile → Delete Account. Deleting your account removes your user profile and associated training logs from our primary systems, subject to limited retention noted below.
- Access, correction, deletion: You may request access to, correction of, or deletion of your personal information by contacting us. We may ask you to verify your identity.
- Portability: Where required by law, you can request a copy of your personal information in a portable format.
- Marketing preferences: If we send optional marketing communications, you may opt‑out via the message or by contacting us.
- Global Privacy Control/Do Not Track: If you access our websites and your browser sends a Global Privacy Control signal, we will treat it as a request to opt‑out of sale/sharing where applicable. We do not engage in sale/sharing as described above.

Data Retention
We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical examples:
- Account data: Retained while your account is active. Deleted upon account deletion, subject to lawful retention requirements.
- Training logs and check‑ins: Retained while your account is active and deleted upon account deletion.
- Purchases/subscriptions: Retained as needed for access, tax/accounting, and audit obligations.
- Communications and security logs: Retained for a reasonable period for fraud prevention, security, and support.

International Data Transfers
We may process and store information in the United States and other countries where we or our service providers operate. If you are located outside the U.S., you consent to the transfer of your information to the U.S. and other jurisdictions, which may have different data protection laws. Where required, we implement appropriate safeguards for such transfers.

Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and industry‑standard password hashing. However, no security measure is perfect. To the maximum extent permitted by law, RunStrong, Aether Technologies LLC, and its owners, officers, employees, agents, and contractors (including coaches such as Braden) disclaim liability for unauthorized access beyond our reasonable control.

Children’s Privacy
The Services are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us to request deletion.

Health and Medical Disclaimer; HIPAA
RunStrong provides fitness and training guidance and is not a medical service. The Services are not intended to diagnose, treat, or provide medical advice. Information you enter (e.g., training logs, perceived effort) is not subject to HIPAA as we are not a covered entity or business associate. For medical concerns, consult a qualified healthcare professional.

Region‑Specific Disclosures
California (CCPA/CPRA)
- Categories collected: Identifiers (e.g., email), commercial information (purchases/subscriptions), internet or network activity (usage logs), and inferences limited to service improvements. We do not collect precise geolocation, protected classifications, or sensitive biometric data.
- Sources: You, your devices, authentication providers, payment/app stores, and service providers.
- Business purposes: As described in "How We Use Information" and "How We Share Information."
- Sale/Share: We do not sell or share personal information for cross‑context behavioral advertising.
- Your rights: Access, deletion, correction, portability, opt‑out of sale/sharing (not applicable), and limit use of sensitive personal information (we do not use SPI to infer characteristics). To exercise, use Profile → Delete Account or contact us.
- Non‑discrimination: We will not discriminate against you for exercising your rights.

EEA/UK
- Controller: Aether Technologies LLC. Contact details below.
- Legal bases: See "Legal Bases for Processing."
- Your rights: Access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local supervisory authority. We will respond to verified requests as required by law.

Nevada/Virginia/Colorado/Connecticut/Utah
- We do not sell personal data. You may exercise rights to access, delete, correct (where applicable), and opt‑out of targeted advertising (not used) by contacting us or using available in‑app tools.

Third‑Party Services and Links
The Services may link to third‑party websites or services (e.g., instructional videos or payment pages). Your use of those services is governed by their privacy policies and terms. We are not responsible for third‑party practices.

Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via in‑app notice or email. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

Contact Us
If you have questions or requests about this Privacy Policy or your personal information, contact us at:
- Email: legal@runstrong.app
- If you prefer postal mail, please contact us by email for our current mailing address.

Additional Contractual Protections and Liability Notice
To the fullest extent permitted by applicable law, RunStrong, Aether Technologies LLC, and their owners, officers, employees, agents, and contractors (including coaches such as Braden) shall not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages arising from or related to data processing activities described in this policy, except to the extent caused by our willful misconduct or as otherwise required by law. Nothing in this Privacy Policy limits your rights under applicable data protection laws.