Privacy Policy

Last updated: April 15, 2026

RunRival ("we", "us", or "the app") is a running challenge app that lets you compete with friends using data from Apple Health. This Privacy Policy explains what data we collect, why, and how it is stored.

Data we collect

• Apple HealthKit running workouts (distance, duration, start time, pace). Read-only — we never write to your Health data.
• Display name and optional profile photo you choose, so your friends can recognize you in a league. Photos are stored as compressed images in our database.
• Anonymous Firebase user ID, generated on first launch. If you choose to Sign in with Apple, this ID is linked to your Apple account so you can keep your progress across devices and reinstalls.
• Push notification token, so we can notify you when a friend runs or passes you in a league.
• League data you explicitly share: league name, invite code, scores, and rival pass history.

Data we do NOT collect

• Your email address, phone number, or real identity (unless you Sign in with Apple — in which case we only see an opaque Apple-provided identifier).
• GPS coordinates or routes. Only distance and duration are read from HealthKit.
• Heart rate, sleep, nutrition, or any non-running HealthKit data.
• Analytics, crash reports, or third-party tracking SDKs.
• Any advertising identifiers.

How your data is stored

Data is stored in Google Firebase (Firestore and Firebase Authentication) in European data centers (europe-west1). Access is restricted by Firestore security rules: only you can read your own workouts and only participants of a league can see each other's scores.

Data retention

Workout records are automatically deleted after 12 months via a Firestore TTL policy. Nudge notifications expire after 30 days. Rival activity and rank events expire after 7 days. Your user profile and challenge data are kept until you delete your account.

Data sharing

We do not sell, rent, or share your data with third parties. Your workouts and scores are only visible to the participants of leagues you join.

Push notifications

Notifications are routed through the Expo Push Service and then to Apple Push Notification service (APNs). We send notifications when a rival in your league runs, or when your rank changes. You can disable notifications at any time in iOS Settings → RunRival → Notifications.

HealthKit disclosure

RunRival reads running workouts from HealthKit only. HealthKit data is never sent to our servers in raw form — we send only the processed summary (distance, duration, pace, date) needed to compute your score. HealthKit data is never shared with third parties or used for advertising.

Your rights

• Revoke HealthKit access anytime: iOS Settings → Health → Data Access & Devices → RunRival.
• Delete your account and all associated data directly in the app: Stats tab → Account → Delete my account. This permanently removes your profile, workouts, stats, challenge participation, notifications, and Firebase Auth record. You can also email us.
• Export your data directly in the app: Stats tab → Account → Export my data. This provides a JSON file containing your profile, workouts, monthly stats, and challenge data (GDPR Article 15).

Children

RunRival is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

If we make material changes, we will update the "Last updated" date at the top of this page.

Contact

Questions about this policy or your data? Email [email protected].