RunVector logo
Back to home

Privacy Policy

Effective Date: December 8, 2025

Last Updated: December 8, 2025

1. Who We Are

RunVector ("RunVector," "we," "us," or "our") provides marathon training analytics and race prediction services through our website at runvector.io and related applications (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Services. By using RunVector, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide Directly

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Age, maximum heart rate, heart rate zones, and training preferences
  • Race Information: Target races, goal times, and race history you enter manually

Information from Connected Services

When you connect your Garmin account, we collect:

  • Profile Data: Name, profile photo, athlete ID, and account identifiers
  • Activity Data: Running activities including distance, duration, pace, heart rate, cadence, GPS coordinates, elevation, lap splits, and activity timestamps
  • Historical Data: Up to 3 years of running activity history, required to evaluate training load trends for marathon performance modeling

Data Minimization

We only request data necessary for training analytics and marathon prediction features. We do not collect or store data beyond what is required to provide our Services.

Information Collected Automatically

  • Usage Data: Pages visited, features used, and interactions with the Services
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and referring URLs

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Generate personalized training analysis and insights
  • Calculate marathon time predictions based on your training data
  • Display your running history, statistics, and progress
  • Send service-related communications (account verification, updates, security alerts)
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues or fraudulent activity
  • Comply with legal obligations

We do NOT use your personal data to train artificial intelligence or machine learning models. Your training data is used solely to provide Services to you. Historical activity data is processed solely to provide personalized training analytics and marathon prediction features and is not used for any other purpose.

4. How We Share Your Information

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service Providers

We share information with trusted service providers who assist in operating our Services. Service providers may only process your data on our behalf and under contractual confidentiality and security obligations.

ProviderPurposeData Shared
SupabaseDatabase hosting & authenticationAccount data, activity data
VercelApplication hostingUsage logs, IP addresses
GarminActivity sync (OAuth)Authentication tokens

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Third-Party Integrations

Garmin Connect Integration

When you connect your Garmin Connect account, we request only the permissions necessary to sync your running activities for training analysis.

Garmin Connect data is never used for advertising, model training, or sold to third parties.

How to Disconnect Garmin Connect

You can disconnect Garmin Connect from RunVector at any time:

  1. Go to Settings in RunVector
  2. Click "Disconnect" next to your Garmin connection
  3. Confirm the disconnection

Upon disconnection, we revoke OAuth access and stop syncing new activities. Your previously synced activity data remains in your account for continued analysis. To permanently delete all your data, use the "Delete Account" option.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use our Services.

Types of Cookies We Use

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings (e.g., distance units)
  • Analytics Cookies: Help us understand usage patterns to improve the Services

We do not use advertising cookies or share cookie data with advertisers. You can control cookies through your browser settings, though disabling essential cookies may prevent you from using certain features.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • All data transmitted over HTTPS/TLS 1.3 encryption
  • Database hosted on Supabase (US region) with PostgreSQL row-level security policies
  • OAuth tokens encrypted at rest using AES-256
  • Regular security reviews and updates
  • Access to personal data restricted to authorized personnel only

Token Lifecycle

OAuth access tokens are stored securely and refreshed automatically. When you disconnect a service or revoke authorization, tokens are deleted immediately from our servers. New tokens are only issued after explicit re-authorization through OAuth.

Security Reporting

If you discover a security vulnerability, please report it to security@runvector.io. We take all security reports seriously and will respond promptly.

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your information according to the following schedule:

Data TypeRetention Period
Account DataWhile account is active
Activity DataWhile connection is active
OAuth TokensDeleted immediately upon disconnection
Usage/Access Logs90 days
Activity Sync Logs30 days
Backup Data30 days after deletion

Data Deletion

You can delete your data in the following ways:

  • Delete your account: Go to Settings and click "Delete Account" to permanently remove all your data, including synced activities, profile, and preferences
  • Request via email: Contact privacy@runvector.io to request data deletion

Note: Disconnecting Garmin stops syncing new activities but does not delete previously synced data. To delete all data, you must delete your account.

Data Deletion Page: https://runvector.io/privacy/delete-data

9. Your Rights and Choices

Depending on your location, you may have the following rights:

RightDescription
AccessRequest a copy of your personal data
CorrectionRequest correction of inaccurate data
DeletionRequest deletion of your data
PortabilityRequest your data in a portable format
RestrictionRequest restriction of processing
ObjectionObject to certain types of processing

To exercise these rights, contact us at privacy@runvector.io. We will respond within 30 days.

10. International Data Transfers

RunVector is based in the United States. Our database is hosted on Supabase in the US region. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using our Services, you consent to this transfer.

11. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us at privacy@runvector.io and we will promptly delete it.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@runvector.io.

13. European Privacy Rights

If you are in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

Legal Bases for Processing

  • Contract: Processing necessary to provide you with our Services
  • Consent: Where you have given explicit consent (e.g., connecting Garmin)
  • Legitimate Interests: Improving our Services, preventing fraud
  • Legal Obligation: Compliance with applicable laws

Your GDPR Rights

In addition to the rights listed in Section 9, you have the right to:

  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or in-app notification. We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

RunVector

Data Protection Contact: A. Fernandez, Founder

Privacy Inquiries: privacy@runvector.io

Security Issues: security@runvector.io

General Support: support@runvector.io

We will respond to your inquiry within 30 days.