Privacy Policy

1. Information We Collect

We may collect the following types of information:

From Our Website:

• Email address — when you sign up for our beta waitlist or subscribe to updates.
• Usage data — pages visited, features used, and interactions with our site, collected via PostHog analytics.
• Device information — browser type, operating system, screen resolution, and similar technical data collected automatically.
• Cookies and tracking technologies — we use cookies and similar technologies for analytics purposes (see Section 3).

From Our iOS/macOS App:

• App usage data — features used, session duration, and interactions within the app, collected via PostHog analytics.
• Device identifiers — if you consent to tracking, we may collect device identifiers (IDFA) for analytics purposes. We use Apple's App Tracking Transparency framework and will only access this data with your explicit permission.
• Audio recordings — if you use our recording features, audio data is processed locally on your device. We do not upload or store your recordings on our servers unless you explicitly choose to sync or share them.
• Account information — if you create an account, we collect your email address and any profile information you provide.

2. How We Use Your Information

• To communicate with you about product updates, beta access, and relevant announcements.
• To improve our website and product based on usage patterns and analytics.
• To understand how visitors interact with our site so we can make it better.

3. Analytics & Tracking

We use PostHog for product analytics across our website and mobile apps. PostHog may use cookies and similar technologies to collect information about your browsing behavior, session data, and interactions with our services. This data helps us understand how our services are used and where we can improve.

Website tracking: You can opt out of tracking by enabling "Do Not Track" in your browser settings, using a browser extension that blocks tracking scripts, or by sending a Global Privacy Control signal. We honor Global Privacy Control signals as an opt-out request under CCPA.

iOS App tracking: On iOS, we use Apple's App Tracking Transparency (ATT) framework. We will request your permission before accessing device identifiers for tracking purposes. You can change this permission at any time in your iOS Settings.

4. Email Communications

When you provide your email address, you consent to receive communications from us related to RunThrough. We comply with the CAN-SPAM Act and include an unsubscribe mechanism in every email we send. You can opt out at any time by clicking the unsubscribe link in any email.

We use Resend as our email delivery service. Resend processes your email address on our behalf solely for the purpose of delivering messages.

5. Data Sharing & Third-Party Services

We share your data only with service providers who help us operate our services. We do not sell your personal information. Under CCPA, "sharing" means disclosing personal information to third parties for cross-context behavioral advertising. We do not engage in this practice.

We use the following third-party services that may process your data:

• PostHog — analytics and product usage tracking (data processing agreement in place).
• Resend — email delivery and transactional email (data processing agreement in place).
• Vercel — website hosting and deployment infrastructure.
• Apple — app distribution and payment processing (for iOS/macOS apps).

Each of these services has its own privacy policy governing how they handle data. We have data processing agreements with our service providers where required by law.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS/TLS), secure data storage, and access controls. However, no method of transmission over the internet or electronic storage is 100% secure.

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law (typically within 72 hours under GDPR, and as required by state breach notification laws).

7. Data Retention & Deletion

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Email addresses: Retained for as long as you remain subscribed to our communications. If you unsubscribe, we retain your email address for up to 30 days to process your request, then delete it.
• Usage and analytics data: Retained for up to 24 months, then automatically purged.
• Account data: Retained for as long as your account is active, plus up to 90 days after account deletion for backup and recovery purposes.

You may request deletion of your personal data at any time by contacting us at the email address listed below. We will process your request within 30 days (or as required by applicable law). Under CCPA, we will confirm receipt of your request within 10 business days and complete it within 45 days (or 90 days if we need more time, with notice to you).

8. Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

CCPA - Youth Data Protection: Under CCPA, personal information of consumers under 16 is classified as sensitive personal information. We do not knowingly collect personal information from consumers under 16 without appropriate consent. If you are under 16, please obtain parental consent before using our services.

9. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

• GDPR (EU/EEA/UK) — You have the right to: access your data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, data portability, object to processing, and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.
• CCPA (California) — You have the right to: know what personal information we collect, access your personal information (going back to January 1, 2022), delete your personal information, correct inaccurate information, opt out of the sale or sharing of personal information (we do not sell or share), and non-discrimination for exercising your rights. We honor Global Privacy Control signals as an opt-out request.
• Other U.S. States — Depending on your state, you may have similar rights under state privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA).

To exercise any of these rights, please contact us at the email address below. We will respond to your request within the timeframes required by applicable law (typically 30 days, or 45-90 days for CCPA requests as noted above). We may need to verify your identity before processing certain requests.

11. International Data Transfers

Our services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to and processed in the United States or other jurisdictions where our service providers operate.

When we transfer personal data from the EU/EEA/UK to the United States or other countries, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other mechanisms recognized by applicable data protection laws.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our analytics are used only to improve our services and understand usage patterns, not to make automated decisions about individuals.

10. Do Not Sell or Share Personal Information

We do not sell your personal information. Under CCPA, "sale" means exchanging personal information for monetary or other valuable consideration. We do not engage in this practice.

We do not share your personal information for cross-context behavioral advertising (the CCPA definition of "sharing"). We only share data with service providers who help us operate our services under strict data processing agreements.

Your data is used solely to operate and improve RunThrough, communicate with you, and provide customer support. We honor Global Privacy Control signals as an opt-out request under CCPA.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and notify you via email (if you have provided one) or through a prominent notice on our website or app. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Your continued use of our services after changes become effective constitutes acceptance of the updated policy, except where further consent is required by law.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: privacy@runthroughapp.io

Data Protection Officer (EU/EEA/UK): For GDPR-related inquiries, you may also contact our Data Protection Officer at the email above.

Response Time: We aim to respond to all privacy-related inquiries within 30 days, or as required by applicable law.