Privacy Policy for Insight Run

Data Collection

Insight Run reads the following data from Apple HealthKit:

• Running workouts (distance, duration, heart rate, pace, cadence)
• Advanced running metrics (power, stride length, ground contact time, vertical oscillation)
• Sleep data (duration, quality)
• Heart rate variability (HRV)
• Body metrics (weight, body mass index)
• VO2 Max estimates
• Resting and walking heart rate
• Respiratory rate

When you connect your Strava account (optional):

• Activity data (workouts, routes, performance metrics)
• Profile information (athlete name, avatar)
• Activity statistics and achievements

Data Usage

Your health data is:

• Stored locally on your device - All your health data remains on your iPhone
• Never shared with third parties - We do not sell, rent, or share your personal health information
• Used only for generating personalized insights - Data is processed to provide you with recovery scores, performance analysis, and training recommendations
• Processed securely - All data processing follows Apple's HealthKit security guidelines

AI Features

When you use the AI assistant:

• Your workout data and metrics are sent to our secure backend server for AI analysis via third-party AI services
• No personally identifiable information (name, email, etc.) is transmitted
• Only anonymized workout metrics are sent to the AI service
• AI responses are not stored on our servers
• All communication is encrypted using HTTPS
• Rate limiting is applied (a limited number of requests per hour) to prevent abuse and ensure fair usage

Data Storage and Security

We take your privacy seriously:

• All health data is stored exclusively in Apple's HealthKit on your device
• We do not maintain any databases of user health information
• All network communications use industry-standard encryption (HTTPS/TLS)
• We implement security best practices following Apple's App Store guidelines

HealthKit Permissions

Insight Run requests permission to read specific health data types. You have full control over which data types to share:

• You can grant or deny access to individual data types
• You can modify permissions at any time in the Health app settings
• The app will function with partial permissions, though some features may be limited
• Insight Run does not write or modify any data in HealthKit - it is read-only

Third-Party Services

Insight Run integrates with the following services:

• Strava - Optional integration to synchronize your activities and access detailed workout data. When connected, we access only the data you authorize through Strava's OAuth flow. All Strava data handling complies with Strava's API Agreement and Brand Guidelines.
• Third-party AI services - Used to provide AI-powered coaching and analysis. Only anonymized workout metrics are sent.
• Cloud infrastructure services - Our backend infrastructure that securely handles API requests without storing user data.
• Apple HealthKit - Native iOS framework for accessing health data with your permission.
• Analytics services - Used to improve app performance and user experience. Only anonymized usage data is collected.

These services are bound by their own privacy policies and our agreements with them include strict data protection clauses.

Data Retention

• Health data remains in Apple HealthKit and is governed by Apple's privacy policy
• Strava data is synchronized periodically and cached locally on your device. You can disconnect your Strava account at any time.
• App preferences and settings are stored locally on your device using iOS's UserDefaults (not backed up to our servers)
• We do not retain any user data on our servers beyond the duration of an AI request
• AI conversation history is stored locally on your device and never synced to the cloud

Data Deletion

You have complete control over your data:

• You can delete all app data by uninstalling Insight Run from your device
• You can disconnect your Strava account at any time from the app settings, which will remove all cached Strava data
• Your HealthKit data remains in the Health app and is not affected by uninstalling Insight Run
• You can manage HealthKit data directly in the Apple Health app
• Since we don't store user data on our servers, there is no remote data to delete

Children's Privacy

Insight Run is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Your Rights

You have the right to:

• Access the data we process about you (which is minimal as data stays on your device)
• Request deletion of any data we might hold (we don't hold user-specific data)
• Withdraw HealthKit permissions at any time through iOS Settings
• Opt out of AI features by not using the AI assistant
• Export your data through HealthKit's native export functionality

International Data Transfers

Our backend services operate globally. When you use AI features, your anonymized workout data may be processed in different geographic regions. All data transfers are protected by encryption and comply with applicable data protection laws.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@altcode.studio
• Website: https://insightrun.ai

Compliance

Insight Run complies with:

• Apple's App Store Review Guidelines
• Apple's HealthKit Data Usage Guidelines
• GDPR (General Data Protection Regulation) for European users
• CCPA (California Consumer Privacy Act) for California users
• Industry best practices for health data privacy