Privacy Policy

Information We Collect

Running Momma is a training and nutrition app for runners. When you sign in with Apple or Google, the app stores the following data both locally on your device and on our secure server for cloud sync:

• Weight and unit preferences (kg/lbs)
• Temperature settings (Celsius/Fahrenheit)
• App preferences (language, time format, fueling strategy, theme)
• Running shoes (brand, model, mileage)
• Training plan selections and workout completion status
• Workout notes and training streaks

The following data is stored only on your device and is never uploaded to our server:

• Nutrition calculation history
• Run parameters (duration, course type, target pace)

We collect your name and email address only through Apple or Google sign-in for account management purposes. We do not collect location data.

Data Storage & Cloud Sync

When you sign in, your training data (preferences, shoes, training plan, workout progress, and streaks) is automatically synced to our secure server. This enables seamless access across multiple devices — sign in on a new phone and your data is there.

Cloud sync data is stored in a PostgreSQL database hosted on Railway (cloud infrastructure provider) and is encrypted in transit. Your data is tied to your authenticated account and cannot be accessed by other users.

Nutrition calculation history is stored only on your device using local storage. Uninstalling the app permanently deletes all locally-only data.

Third-Party Integrations

Running Momma offers optional integrations with third-party fitness services. These integrations are entirely opt-in and require your explicit consent before any data is shared.

Garmin Connect

When you connect your Garmin account, the app sends structured workout data (workout names, dates, intervals, and pace targets) to Garmin Connect via our secure backend server. The app also receives activity data (distance, duration, pace, heart rate) from your Garmin device after you complete a run. This data is used solely to display your workout results within the app.

Strava

When you connect your Strava account, the app receives activity data (distance, duration, pace, heart rate) from Strava to display alongside your training plan. The app does not post activities to Strava or modify your Strava data in any way.

Apple HealthKit

On iOS, the app reads completed running workouts and average heart rate from Apple HealthKit so it can auto-complete planned workouts and personalize your training plan and AI coaching responses. You enable this from Settings; it requires your explicit permission via the standard Apple Health prompt.

HealthKit data sent off-device: When HealthKit is the source for a matched workout, summarized run metrics (distance, duration, pace, average heart rate, elevation, calories) are uploaded to our backend for plan generation and AI coaching. They are processed by our AI provider, Anthropic (Claude), only when you actively use the AI coach. No raw GPS tracks or HealthKit sample identifiers leave your device.

The app may also schedule structured workouts to your Apple Watch via Apple's WorkoutKit framework — a separate Apple authorization, distinct from HealthKit. Running Momma does not currently write workouts or other samples back to Apple Health. iOS may show a "write" permission prompt because the app's HealthKit entitlement allows for that capability in future versions; declining the write prompt has no effect on the current app.

AI Coach (Anthropic Claude)

When you enable the AI Coach feature, the app sends summarized training data to Anthropic's Claude AI for analysis and personalized coaching. This is an opt-in feature that requires your explicit consent before activation. Anthropic acts as our sub-processor for these requests.

Data sent to the AI:

• Training plan metadata (distance, level, phase, current week)
• Workout details (type, duration, distance, target pace)
• Activity metrics from your most recent run, including average heart rate, average pace, distance, and elevation gain. The activity may originate from Strava, Garmin, or Apple HealthKit depending on what's connected.
• An anonymous device-generated identifier (UUID)

Data NOT sent to the AI: your name, email, GPS tracks, raw HealthKit sample identifiers, or any other personally identifiable information.

Chat conversation history is stored on our backend server and can be deleted at any time from the app's Settings. Anthropic's processing terms are described in Anthropic's Privacy Policy; we do not opt in to model training on your data.

Important: The AI Coach provides general training guidance only and is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for injuries or health concerns.

You can disconnect any integration at any time from the app's Settings. Disconnecting removes stored credentials and stops all data exchange with that service. Each third-party service has its own privacy policy, and we encourage you to review them. We are not responsible for the data practices of third-party services.

Backend Server

We operate a backend server hosted on Railway that provides the following services:

• Cloud Sync: Stores your training data (preferences, shoes, plan, workouts, streaks) tied to your authenticated account for cross-device sync. You can delete all synced data at any time from the app's Settings or by deleting your account.
• Authentication: Manages Apple and Google sign-in sessions. Stores your name, email, and encrypted OAuth tokens.
• Garmin Connect: Facilitates OAuth authentication and relays workout data between the app and Garmin's APIs. Stores Garmin OAuth tokens (encrypted) and activity data.
• Strava: Facilitates OAuth token exchange and refresh server-side (so our client secret never ships in the app), receives Strava webhook events for activity auto-completion, and stores Strava tokens (encrypted). Strava tokens and athlete IDs are deleted when you disconnect.
• Plan Generation: When you create or recalibrate a training plan, summarized fitness signals (weekly distance, longest run, recent race results) are sent to the server, processed by Anthropic (Claude) where the AI is used, and the resulting plan is sent back to your device.
• AI Coach: Routes opted-in chat and feedback requests to Anthropic (Claude) on your behalf. Stores chat history server-side; deletable from Settings.
• Push Notifications: Stores your device push token and upcoming workout schedule to send workout completion notifications.

Error Monitoring

The app uses Sentry for crash reporting. Sentry collects only technical details (device type, OS version, error logs) without capturing personal, nutrition, or health information. This data is processed by Sentry (Functional Software, Inc.) under their privacy policy and is retained for 90 days.

Crash Reporting

The app uses Sentry (sentry.io) to automatically collect crash reports and error diagnostics. This helps us identify and fix bugs that affect the app's stability.

Data collected by Sentry:

• Crash and error reports (stack traces, error messages)
• Device type and OS version
• App version and build number

Data NOT collected: GPS location, health data, workout content, personal messages, browsing history, or product-usage analytics.

The app does not use advertising, ad profiling, behavioral tracking, session replay, or heatmaps. No data is sold to or shared with advertisers.

Data Sharing

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. Cloud sync data is stored on our own server infrastructure (Railway) and is not shared with any third party. Data is only shared with third-party fitness services (Garmin, Strava) when you explicitly enable those integrations, with Anthropic for AI coaching when you enable the AI Coach feature, and with Sentry for crash reporting as described above.

Administrative Access

Running Momma is operated by a single founder. To provide customer support, investigate abuse, and recover from data-corruption issues, the operator can view your account profile (name, email, signup date), training plan, completed workouts, and the connection status of any third-party integrations you've enabled. The operator cannot read your Garmin, Strava, or Apple Health credentials, which are stored encrypted.

When the operator takes an action that modifies your account — for example, clearing a training plan at your request — we record the action in an internal audit log. To allow recovery if an action is taken in error, the log may include a snapshot of the affected data (your training plan and workout history) for up to 90 days, after which the snapshot is automatically deleted while a minimal record of the action (admin ID, your account ID, action type, timestamp) is retained for accountability under GDPR Article 5(2). If you delete your account, snapshots tied to your account are purged immediately and your account identifier in the audit log is replaced with an irreversible hash.

We do not currently offer or use account impersonation as part of normal operations. If we ever do, this policy will be updated before that capability is used.

Children's Privacy

Running Momma is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you are under 16, please do not use this app without parental or guardian consent.

Your Rights

Depending on your location, you may have the following rights regarding your data:

• Access: Request a copy of data we hold about you.
• Deletion: Request deletion of your data. For local data, uninstalling the app deletes everything. For server-side data (cloud sync, Garmin tokens, AI Coach history), use the delete options in the app's Settings or contact us.
• Portability: Request your data in a portable format.
• Objection: Object to the processing of your data.
• Correction: Request correction of inaccurate data.

For EU/EEA residents (GDPR): The legal basis for processing your data is your consent (for third-party integrations and AI coaching) and legitimate interest (for crash reporting). You may withdraw consent at any time by disconnecting integrations or disabling the AI Coach in Settings.

For California residents (CCPA): We do not sell personal information. You have the right to know what data we collect, request deletion, and opt out of any future sale of personal information.

To exercise any of these rights, contact us at the email address below.

Data Retention & Deletion

Local data is retained on your device until you uninstall the app or clear it manually from Settings. Cloud sync data is retained on our server as long as your account exists. You can delete all synced data at any time from the app's Settings. Deleting your account permanently removes all server-side data including sync data, Garmin tokens, push tokens, and AI Coach conversation history. Server-side Garmin tokens are also deleted immediately upon disconnection. Sentry crash data is retained for 90 days. AI Coach conversation history can be deleted at any time from the app's Settings. Disabling the AI Coach stops all data processing by Anthropic. To request complete deletion of any server-side data, contact us at the email address below.

International Data Transfers

Our backend server and Sentry may process data outside your country of residence. These transfers are necessary to provide the service and are protected by appropriate safeguards.

Contact

For privacy-related questions, data requests, or concerns, contact us at contact@runningmomma.com

Policy Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically. Continued use of the app after changes constitutes acceptance of the updated policy.