Privacy Policy for Insight Run

Data Collection

Insight Run reads the following data from Apple HealthKit:

• Running workouts (distance, duration, heart rate, pace, cadence)
• Advanced running metrics (power, stride length, ground contact time, vertical oscillation)
• Sleep data (duration, quality)
• Heart rate variability (HRV)
• Body metrics (weight, body mass index)
• VO2 Max estimates
• Resting and walking heart rate
• Respiratory rate

When you connect your Strava account (optional):

• Activity data (workouts, routes, performance metrics)
• Profile information (athlete name, avatar)
• Activity statistics and achievements

Data Usage

Your health data is:

• Stored locally on your device - All your health data remains on your iPhone
• Never sold or rented - We do not sell, rent, or trade your personal health information
• Shared with AI services only with your explicit consent - When you enable AI coaching, anonymized workout metrics are sent through our backend server to a third-party AI service (OpenRouter) for analysis. See the "AI Features and Data Processing" section below for full details.
• Used only for generating personalized insights - Data is processed to provide you with recovery scores, performance analysis, and training recommendations
• Processed securely - All data processing follows Apple's HealthKit security guidelines

AI Features and Data Processing

Insight Run offers AI-powered coaching features. When you enable AI coaching and provide your explicit consent, the following data processing occurs:

Data sent to the AI service

The following categories of health and workout data may be included in AI analysis requests:

• Workout metrics - Distance, duration, pace, cadence, calories burned
• Heart rate data - Average, max, and resting heart rate during workouts
• Recovery and HRV - Heart rate variability, recovery scores, and trends
• Sleep data - Sleep duration and quality metrics
• Health profile - VO2 Max estimates, body metrics (weight, BMI), respiratory rate
• Mobility and performance - Running power, stride length, ground contact time, vertical oscillation

How data is processed

• Your anonymized workout data is sent from the app to our secure backend server hosted on Cloudflare Workers
• Our backend forwards the anonymized data to OpenRouter (openrouter.ai), a third-party AI API routing service
• OpenRouter routes requests to AI models provided by Anthropic, Google, and xAI
• The AI model generates personalized coaching insights and returns them to you

Data protection

• No personally identifiable information (name, email, location, etc.) is transmitted to the AI service
• Only anonymized workout metrics are sent — your data cannot be traced back to you
• Data is not permanently stored by OpenRouter or the AI model providers — it is used only to generate a response
• Your data is never sold, rented, or used for advertising purposes
• AI responses and conversation history are not stored on our servers
• All communication is encrypted end-to-end using HTTPS/TLS
• Rate limiting is applied (a limited number of requests per hour) to prevent abuse and ensure fair usage

Your consent

• AI coaching features are opt-in only — your health data is never sent to any AI service without your explicit consent
• You will be asked to review and accept the data sharing terms before AI features are activated
• You can revoke your consent at any time from the app settings, which will immediately stop all data sharing with the AI service
• Revoking consent does not affect the health data stored locally on your device

Data Storage and Security

We take your privacy seriously:

• All health data is stored exclusively in Apple's HealthKit on your device
• We do not maintain any databases of user health information
• All network communications use industry-standard encryption (HTTPS/TLS)
• We implement security best practices following Apple's App Store guidelines

HealthKit Permissions

Insight Run requests permission to read specific health data types. You have full control over which data types to share:

• You can grant or deny access to individual data types
• You can modify permissions at any time in the Health app settings
• The app will function with partial permissions, though some features may be limited
• Insight Run does not write or modify any data in HealthKit - it is read-only

Third-Party Services

Insight Run integrates with the following services:

• Strava - Optional integration to synchronize your activities and access detailed workout data. When connected, we access only the data you authorize through Strava's OAuth flow. All Strava data handling complies with Strava's API Agreement and Brand Guidelines.
• OpenRouter (openrouter.ai) - Third-party AI API routing service used to provide AI-powered coaching and analysis. OpenRouter forwards requests to AI models from Anthropic, Google, and xAI. Only anonymized workout metrics are sent. OpenRouter's data handling is governed by their privacy policy and our data processing agreements, which ensure equivalent protection for your data.
• Cloudflare Workers - Our backend infrastructure that securely handles API requests between the app and AI services without permanently storing user data.
• Apple HealthKit - Native iOS framework for accessing health data with your permission.
• Analytics services - Used to improve app performance and user experience. Only anonymized usage data is collected.

These services are bound by their own privacy policies and our agreements with them include strict data protection clauses.

Data Retention

• Health data remains in Apple HealthKit and is governed by Apple's privacy policy
• Strava data is synchronized periodically and cached locally on your device. You can disconnect your Strava account at any time.
• App preferences and settings are stored locally on your device using iOS's UserDefaults (not backed up to our servers)
• We do not retain any user data on our servers beyond the duration of an AI request
• AI conversation history is stored locally on your device and never synced to the cloud

Data Deletion

You have complete control over your data:

• You can delete all app data by uninstalling Insight Run from your device
• You can disconnect your Strava account at any time from the app settings, which will remove all cached Strava data
• Your HealthKit data remains in the Health app and is not affected by uninstalling Insight Run
• You can manage HealthKit data directly in the Apple Health app
• Since we don't store user data on our servers, there is no remote data to delete

Children's Privacy

Insight Run is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Your Rights

You have the right to:

• Access the data we process about you (which is minimal as data stays on your device)
• Request deletion of any data we might hold (we don't hold user-specific data)
• Withdraw HealthKit permissions at any time through iOS Settings
• Revoke AI data sharing consent at any time in the app settings, immediately stopping all data transmission to the AI service
• Opt out of AI features entirely by not enabling AI coaching
• Export your data through HealthKit's native export functionality

International Data Transfers

Our backend services operate globally. When you use AI features, your anonymized workout data may be processed in different geographic regions. All data transfers are protected by encryption and comply with applicable data protection laws.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@altcode.studio
• Website: https://insightrun.ai

Compliance

Insight Run complies with:

• Apple's App Store Review Guidelines
• Apple's HealthKit Data Usage Guidelines
• GDPR (General Data Protection Regulation) for European users
• CCPA (California Consumer Privacy Act) for California users
• Industry best practices for health data privacy