
Privacy Policy

March 2026

RunHeal does not provide medical advice. Always consult a healthcare professional.

1. Who we are

RunHeal is a running injury tracking application. Data controller: RunHeal. Contact: contact.runheal@gmail.com

2. Data we collect

  • Account data: email, hashed password (bcrypt), preferred language.
  • Runner profile: first name, date of birth, experience level, weekly km.
  • Health data (GDPR Art. 9): injury type, exercises completed, pain levels. Processed on the basis of your explicit consent collected at registration.
  • Usage data: pages visited, anonymized actions, IP address for approximate geolocation.
  • Payment data: handled entirely by Paddle. RunHeal stores no card numbers or banking details.

3. Purposes and legal basis

  • Service provision - contractual necessity (GDPR Art. 6.1.b).
  • Health data processing - explicit consent (GDPR Art. 9.2.a).
  • Security and service improvement - legitimate interest (GDPR Art. 6.1.f).
  • Billing - legal obligation (GDPR Art. 6.1.c).

We never sell your data and do not use it for advertising purposes.

4. Your rights (GDPR / PIPEDA)

You have the right to access, rectify, erase, object to, restrict, and port your data, and to withdraw consent at any time.

To exercise your rights: contact.runheal@gmail.com or directly in the app (Profile → Security → Export / Delete account). Response within 30 days. You may also file a complaint with your national data protection authority.

5. Sub-processors

  • Paddle.com Market Ltd (UK/USA) - payment processing. Data Processing Agreement signed.
  • Resend (USA) - transactional email delivery. Data Processing Agreement signed.
  • VPS hosting - Canadian servers.
  • ip-api.com - approximate IP geolocation for analytics (country/city only, no individual tracking).

6. International transfers

Some sub-processors (Paddle, Resend) process data in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data retention

Data type | Retention | After that
Account & profile data | Until account deletion | Deleted within 30 days
Health data (programs, pain logs) | Until account deletion | Deleted within 30 days
Analytics events (IP, user agent) | 90 days (identifiable) | Anonymised, deleted at 365 days
Consent records | Account duration + 5 years | Deleted (legal obligation period)

8. Cookies

We use only technical cookies necessary for authentication. No advertising or third-party tracking cookies. See our cookie policy.

9. Updates

Material changes will be notified by email 30 days before taking effect.

© 2025 RunHeal. All rights reserved. Contact: contact.runheal@gmail.com