Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

Run-It
Kleine Negenbundersstraat 44
3511 Kuringen, Belgium
KBO: 1019077050
BTW: BE1019077050
Email: brechtc@run-it.be

For questions about this privacy policy or your data rights, please contact us at the email address above.

Data Protection Officer: Based on our current processing activities, we are not required to appoint a Data Protection Officer under GDPR Article 37. For any data protection inquiries, please contact us directly at the email address above.

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

• Email address (required for authentication)

2.2 Running and Physical Data

• Running activity files (.fit) you upload
• Running metrics derived from your activities (cadence, ground contact time, vertical oscillation, pace, etc.)
• Physical characteristics you optionally provide (height, weight, age, etc.)
• Running shoe preferences, feedback, and ratings

Source of data: All running and physical data is either directly uploaded by you or derived/calculated from files you provide.

2.3 Technical Data

• IP address
• Browser type and version
• Device information
• Cookies and similar tracking technologies (see Section 7)

Server log retention: Technical logs (IP addresses, access times, error logs) are retained for up to 90 days for security and debugging purposes, after which they are automatically deleted.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. Payment processing is handled by Stripe. We do not store full card details. We may receive limited payment metadata (such as payment status, transaction identifiers, and limited card information like the last 4 digits) for accounting and support.

3. Legal Basis for Processing (GDPR Article 6 & 9)

We process your personal data based on the following legal grounds:

Data Type	Purpose	Legal Basis
Account & running data	Providing shoe recommendations	Contract performance (Art. 6(1)(b))
Payment data	Processing payments	Contract performance (Art. 6(1)(b))
Email address	Account authentication	Contract performance (Art. 6(1)(b))
Ratings, feedback, and usage/report data	Algorithm / model improvement	Consent (Art. 6(1)(a)). You can withdraw this consent at any time in settings or by email. See Section 4.1 for what this includes.
Analytics cookies	Service improvement	Consent (Art. 6(1)(a))
Payment records	Tax compliance	Legal obligation (Art. 6(1)(c))

4. How We Use Your Data

We use your personal data to:

• Analyze your running mechanics and generate personalized shoe recommendations
• Create and manage your user account
• Process payments for premium features
• Improve our recommendation algorithm
• Send service-related communications (e.g., reminder to provide feedback)
• Respond to your support requests
• Comply with legal obligations

4.1 Model improvement (what we do and do not do)

Opt-in only: We use ratings, feedback, and report/usage data to improve our recommendation logic (for example, validating whether recommendations were helpful and improving scoring rules) only if you explicitly consent.

We do not use your raw uploaded .FIT file contents to train a third-party AI model (for example, we do not send your .FIT file to an external AI provider for training). Our backend parses your .FIT file to extract running metrics and then deletes the temporary file.

Your choice: You can provide or withdraw this consent at any time in your account settings or by emailing us.

5. Data Sharing and Recipients

We share your data with the following categories of recipients:

5.1 Service Providers

We use vetted service providers (data processors) to operate the service, including for:

• Hosting and infrastructure
• Database and authentication
• Payments
• Website analytics (only where you consent)

Examples of providers we may use include Supabase (database/authentication), Stripe (payments), and hosting providers. When providers process data outside the EEA, we use appropriate transfer safeguards (such as Standard Contractual Clauses or adequacy mechanisms) where applicable. More details are available on request.

5.2 No Sale of Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) when we use service providers that operate globally. Where required, we use appropriate safeguards for such transfers (for example, Standard Contractual Clauses or adequacy mechanisms). You can contact us if you want more information about the safeguards that apply in your case.

7. Cookies and Tracking Technologies

We use cookies and similar technologies when you visit our website and dashboard. Some cookies are strictly necessary for the service to function (for example, security and login). Others (such as analytics) are used only if you choose to enable them.

Cookie consent: We use Cookiebot to manage cookie preferences and, where required, obtain your consent for non-essential cookies. You can review and change your choices at any time via the “Cookie Settings” link in our footer.

Analytics: If you consent, we may use analytics cookies to understand how the website is used and improve it. If you don’t consent, we don’t place analytics cookies.

You can also manage or delete cookies via your browser settings. Please note that blocking strictly necessary cookies may affect the functionality of the service (for example, staying signed in may not work correctly).

8. Data Retention

We retain your personal data for the following periods:

• Account data: Until you delete your account
• Profile data (height, weight, preferences): Deleted when you delete your account
• Running activity data: Until you delete it or your account
• Analysis reports: Analysis reports: Stored in your account until you delete them. If you delete your account, we may retain reports in pseudonymized form as described in Section 8.1.
• Shoe ratings and feedback: Retained unless you delete them; we use this information to improve the service only if you consent. You can withdraw consent in settings or by email.
• Payment/invoice records: 7 years (Belgian accounting and tax retention obligations)
• Server logs (IP, access logs): Up to 90 days

8.1 What Happens When You Delete Your Account

When you delete your account, we delete your account profile information (such as height, weight, age, etc.) and remove or anonymize direct identifiers in our authentication records (such as your email address). We may retain your analysis reports, running shoe opinions and derived running metrics in pseudonymized form for internal analytics and to improve our recommendation models only if you consent. This means we remove direct identifiers (such as your email) and keep only a non-direct identifier. You can withdraw consent at any time by emailing us. You may also request deletion of retained reports by contacting us at brechtc@run-it.be.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

9.1 Right of Access (Art. 15)

You can request a copy of all personal data we hold about you.

9.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure (Art. 17)

You can request deletion of your personal data ("right to be forgotten").

9.4 Right to Restriction (Art. 18)

You can request that we limit how we use your data.

9.5 Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format.

9.6 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Secure authentication via Supabase
• Regular security updates and monitoring
• Access controls and principle of least privilege

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.

12. Automated Decision-Making

Our shoe recommendation system uses automated processing of your running data to generate personalized suggestions. This processing:

• Is necessary for providing our service (contract performance)
• Does not produce legal effects or similarly significant effects on you
• Generates informational recommendations only—you remain fully responsible for your purchase and training decisions

Your rights: You may request human review of any recommendation or contest the output by contacting us at brechtc@run-it.be. We will explain the logic involved and, if appropriate, adjust the recommendation.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page with an updated "Last updated" date
• Sending an email notification for significant changes (if you have an account)

14. Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with:

Belgian Data Protection Authority (Gegevensbeschermingsautoriteit)
Drukpersstraat 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be

15. Contact Us

For any questions about this privacy policy or your personal data, contact us at:

Run-It
Brecht Colemont
Email: brechtc@run-it.be
Phone: +32 497 74 43 21