Privacy Policy
Last updated: 30 November 2025
Summary: We collect running data you upload and basic account information to provide personalized running shoe recommendations. We do not sell your data. You have full control over your information under GDPR.
1. Data Controller
The data controller responsible for your personal data is:
Run-It
Brecht Colemont
Belgium
Email: brechtc@run-it.be
For questions about this privacy policy or your data rights, please contact us at the email address above.
2. What Personal Data We Collect
We collect the following categories of personal data:
2.1 Account Information
- Email address (required for authentication)
2.2 Running and Physical Data
- Running activity files (.fit, .gpx, .tcx) you upload
- Running metrics derived from your activities (cadence, ground contact time, vertical oscillation, pace, etc.)
- Physical characteristics you optionally provide (height, weight, age, ..)
- Running shoe preferences, feedback, and ratings
2.3 Technical Data
- IP address
- Browser type and version
- Device information
- Cookies and similar tracking technologies (see Section 7)
2.4 Payment Information
Payment processing is handled by Stripe. We do not store your full credit card details. We only receive confirmation of successful payments and the last 4 digits of your card for reference.
3. Legal Basis for Processing (GDPR Article 6 & 9)
We process your personal data based on the following legal grounds:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account & running data | Providing shoe recommendations | Contract performance (Art. 6(1)(b)) |
| Payment data | Processing payments | Contract performance (Art. 6(1)(b)) |
| Email address | Account authentication | Contract performance (Art. 6(1)(b)) |
| Anonymized ratings | Algorithm improvement | Legitimate interest (Art. 6(1)(f)) |
| Analytics cookies | Service improvement | Consent (Art. 6(1)(a)) |
| Payment records | Tax compliance | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
We use your personal data to:
- Analyze your running mechanics and generate personalized shoe recommendations
- Create and manage your user account
- Process payments for premium features
- Improve our recommendation algorithm (using anonymized, aggregated data)
- Send service-related communications (e.g., reminder to provide feedback)
- Respond to your support requests
- Comply with legal obligations
Important Disclaimer: Our service provides running shoe recommendations based on biomechanical analysis. This is not medical advice. We do not diagnose, treat, or prevent any medical conditions. If you have injuries or health concerns, please consult a qualified healthcare professional or sports medicine specialist.
5. Data Sharing and Recipients
We share your data with the following categories of recipients:
5.1 Service Providers
- Supabase (database and authentication) – EU servers
- Stripe (payment processing) – certified under EU-US Data Privacy Framework
- Vercel/Cloud hosting (website hosting)
5.2 No Sale of Data
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
5.3 Legal Requirements
We may disclose your data if required by law, court order, or to protect our legal rights.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification (for US providers)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
7. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 1 year |
| Preference | Remember your settings and cookie consent | 1 year |
| Analytics (optional) | Understand how visitors use our site | Up to 2 years |
You can manage your cookie preferences through our cookie banner or your browser settings. Note that disabling essential cookies may affect site functionality.
8. Data Retention
We retain your personal data for the following periods:
- Account data: Until you delete your account
- Profile data (height, weight, preferences): Deleted when you delete your account
- Health data (injury history): Deleted immediately when you delete your account
- Running activity data: Until you delete it or your account
- Analysis reports: Retained with anonymized user ID after account deletion (see below)
- Shoe ratings and feedback: Retained anonymously for algorithm improvement (see below)
- Payment records: 7 years (Belgian tax law requirement - Wetboek economisch recht)
- Cookie consent: 1 year
8.1 What Happens When You Delete Your Account
When you delete your account:
- Immediately deleted: Your email address, profile information, biometric data (height, weight, age), and injury history
- Anonymized (kept for service improvement): Your shoe ratings/feedback and analysis reports are retained but your user ID is replaced with an anonymous identifier. This anonymized data cannot be linked back to you and helps us improve our recommendation algorithm for all users.
Full deletion option: If you want ALL your data deleted including anonymized ratings, contact us at brechtc@run-it.io before deleting your account and we will ensure complete removal.
9. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
9.1 Right of Access (Art. 15)
You can request a copy of all personal data we hold about you.
9.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete data.
9.3 Right to Erasure (Art. 17)
You can request deletion of your personal data ("right to be forgotten").
9.4 Right to Restriction (Art. 18)
You can request that we limit how we use your data.
9.5 Right to Data Portability (Art. 20)
You can request your data in a structured, machine-readable format.
9.6 Right to Object (Art. 21)
You can object to processing based on legitimate interests.
9.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
How to exercise your rights: Email us at privacy@run-it.io. We will respond within 30 days. You may also delete your account and data directly from your account settings.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication via Supabase
- Regular security updates and monitoring
- Access controls and principle of least privilege
11. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.
12. Automated Decision-Making
Our shoe recommendation system uses automated processing of your running data to generate personalized suggestions. This processing:
- Is necessary for providing our service (contract performance)
- Does not produce legal effects or similarly significant effects on you
- Can be reviewed by contacting our support team
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page with an updated "Last updated" date
- Sending an email notification for significant changes (if you have an account)
14. Complaints
If you believe we have violated your data protection rights, you have the right to lodge a complaint with:
Belgian Data Protection Authority (Gegevensbeschermingsautoriteit)
Drukpersstraat 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be
15. Contact Us
For any questions about this privacy policy or your personal data, contact us at:
Run-It Intelligence
Email: brechtc@run-it.be