At NavRun, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information.
Information We Collect
When you use NavRun, we collect:
Account Information: Email address and username when you create an account. If you sign in with Apple, we also receive a stable Apple identifier and either your real email or an Apple private relay email (e.g., [email protected]) if you chose to hide your address.
Fitness Data from Strava: Running activities, routes, pace, distance, heart rate, and other workout metrics synced from Strava when you connect your account.
Fitness Data from Apple Health (iOS app only): Running workouts you grant us permission to read — start time, duration, distance, pace, and heart rate. See the Apple Health section below for details.
Preferences: Your training preferences, goals, and settings.
Location Data: GPS routes from your activities (only when synced from Strava).
Device Tokens (iOS app only): If you enable push notifications, we store an Apple Push Notification service token routed through Firebase Cloud Messaging so we can deliver notifications to your device.
How We Use Your Information
We use your information solely to:
Display your running activities and statistics
Generate personalized AI-powered training plans
Provide weather forecasts for your planned runs and races
Create analytics and insights about your training
Improve the NavRun service
Data Sharing
We do NOT sell, rent, or share your personal data with third parties for marketing or advertising purposes.
Your data may only be shared in these limited circumstances:
Service Providers: We use trusted services that process data on our behalf under strict confidentiality agreements (see the Third-Party Services section below for the full list).
Legal Requirements: If required by law or to protect our rights.
Apple Health data is never shared, sold, or used for advertising or marketing — full stop. See the Apple Health section below for details.
Data Security
We implement industry-standard security measures to protect your data:
Encrypted data transmission (HTTPS)
Secure database storage
OAuth 2.0 for Strava integration (we never see your Strava password)
Regular security reviews
Third-Party Services
NavRun uses the following services to operate. Each is bound by their own privacy policy and processes data only as needed to provide their service:
Strava: Activity data sync when you connect your account. You can disconnect at any time from your Preferences page, which stops future syncing.
Apple HealthKit (iOS app only): On-device read of running workouts when you grant permission. See the Apple Health section below.
AI service provider: AI training plan generation, weekly reports, and analytics. Activity summaries (distance, pace, duration, heart rate) and your training preferences may be sent to a third-party large language model provider to generate these features. We use providers whose API terms prohibit training on customer data.
Firebase Cloud Messaging (Google): Push notification delivery on iOS. Stores only a device token — no training data passes through FCM.
Stripe: Subscription payment processing. Stripe handles all payment information; NavRun never sees your card details.
Sentry: Error and crash monitoring. Captures error context and stack traces, but no training data or fitness metrics.
Railway: Hosting infrastructure for the NavRun service.
Apple Health (iOS app only)
If you use the NavRun iOS app, you can grant permission for NavRun to read your running workouts from Apple Health. This data is read on-device with your explicit consent through the standard iOS permission prompt.
What we read: Running workouts only — start time, duration, distance, pace, and heart rate.
What we do with it:
Sync workouts to your NavRun account so they appear alongside your Strava activities.
Use them as input to AI training plan generation, weekly reports, and analytics — the same way Strava activities are used.
What we will never do with Apple Health data:
Sell or share it with any third party.
Use it for advertising, marketing, or any form of tracking.
Use it for any purpose unrelated to the training history and AI features you have opted into.
You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → NavRun. We will stop reading new data immediately. Previously synced workouts remain in your NavRun account until you delete them or your account.
Sign in with Apple (iOS app only)
If you use Sign in with Apple to create or log into your NavRun account, we receive a stable Apple identifier (used to identify your account) and your email address. You can choose to share your real email or use Apple's private email relay (e.g., [email protected]).
We treat private relay addresses identically to real addresses for sending account-related email. We do not attempt to resolve them to your underlying Apple ID.
Push Notifications (iOS app only)
With your permission, NavRun sends push notifications about your training plan, workout reminders, weekly reports, and race-day pacing. To deliver these, we store an Apple Push Notification service token, routed through Firebase Cloud Messaging (a Google service).
You can disable push notifications at any time in iOS Settings → Notifications → NavRun.
Your Rights
You have the right to:
Access: View all data we have about you
Delete: Delete your account and all associated data at any time from your Preferences page. All data is removed immediately and permanently.
Disconnect: Revoke Strava access at any time
Export: Download your data in standard formats
Data Retention
We retain your data for as long as your account is active. You can delete your account and all data at any time from your Preferences page — deletion is immediate and permanent. No data is retained after account deletion, except where legally required.
Cookies
We use essential cookies only for:
Keeping you logged in
Security (CSRF protection)
We do not use tracking or advertising cookies.
Children's Privacy
NavRun is not intended for users under 13 years of age. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or through the app.
Contact Us
If you have questions about this privacy policy or your data, please contact us at: