Club Runner

Privacy Policy

Last updated: April 9, 2026

Overview

Club Runner ("Club Runner," "we," "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how it is used, and the choices you have regarding your data when you use the Club Runner application ("the Service").

Sources of Activity Data

Club Runner may process activity data from the following sources:

  • Manual Logging — activity data entered directly within the Club Runner app
  • Strava— running activities imported via Strava's OAuth API when you connect your Strava account
  • Garmin Connect— running activities pushed automatically via Garmin's webhook API when you connect your Garmin account

The type and amount of data available to Club Runner depends on the source and the permissions you grant. You must explicitly authorize each connection before any data is accessed.

Account Information

When you create an account, we collect your email address and display name. You may optionally provide a profile photo, bio, city, state, and links to external profiles (e.g., Strava).

Fitness & Activity Data

When you log runs, record activities, or sync from connected platforms, we may collect:

  • Activity type (e.g., run, walk)
  • Distance, pace, duration, and elevation
  • Activity start time and timestamps
  • GPS location data (latitude, longitude, altitude)
  • Heart rate and other metrics from your fitness device
  • Photos you attach to your activities
  • Notes and descriptions

This data is classified as health and fitness data. It is accessed only with your explicit authorization and used solely to support Club Runner features such as group run tracking, activity logging, and personal progress views.

Club & Membership Data

We store information about your club memberships, including your role (member, coach, owner), join date, and membership status.

User-Generated Content

We store content you create on the platform, including channel messages, board posts and comments, direct messages, event RSVPs, emoji reactions, and photos or files you upload.

Training Data

If you use training plans, we store plan details, workout entries, scheduled dates, completion status, coach notes, and workout segments. If a coach creates a plan for you, both you and the coach can access the plan data.

AI Coach Interactions

When you use the AI Coach feature, we send your messages along with relevant context (such as your club membership, training plan data, and channel content) to our third-party AI provider (Anthropic) to generate responses. These interactions are processed in real time and are not stored by Anthropic beyond the duration of the request.

What We Do Not Collect

Club Runner does not collect or store:

  • Continuous background location monitoring
  • Audio, video, or background sensor data
  • Payment or financial information
  • Advertising, marketing, or behavioral profiling data
  • Medical or clinical health data (diagnoses, medications, lab results)

How We Use Your Data

We use your information to:

  • Provide, maintain, and improve the Service
  • Display your profile, messages, and activities to your club members
  • Match synced activities with club group runs
  • Enable coach-athlete training plan sharing and collaboration
  • Power the AI Coach feature by sending relevant context to our AI provider
  • Send you notifications about messages, events, mentions, and training updates
  • Authenticate your identity and secure your account

We do not use your data for advertising, resale, health profiling, or unrelated analytics.

Data Sharing

Club Runner does not sell, rent, or trade user data.

Messages, posts, runs, events, and other content you share within a club are visible to other members of that club. Direct messages are visible only to the participants.

When you accept a training plan from a coach, the coach can view your training plan data, including workout entries, completion status, and related notes.

We use the following third-party services to operate Club Runner:

  • Supabase — database hosting, user authentication, and file storage
  • Netlify — application hosting and serverless functions
  • Anthropic — AI processing for the AI Coach feature. Anthropic does not store your data beyond the duration of each request.
  • Strava — activity data sync when you connect your Strava account. Data is accessed only via their OAuth API with your authorization.
  • Garmin Connect— activity data sync when you connect your Garmin account. Data is pushed via Garmin's webhook API with your authorization.

These providers are used solely to operate the Service. We do not share user data with any third parties for marketing, advertising, or any other purpose.

Data Storage & Security

Your data is stored using Supabase (PostgreSQL database and object storage) and hosted on Netlify. We implement security measures including:

  • Row-level security (RLS) policies to ensure users can only access authorized data
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Secure authentication via Supabase Auth with encrypted password storage
  • Server-side access controls for API endpoints

No system can be guaranteed to be 100% secure. We take reasonable technical and organizational measures to protect data from unauthorized access, misuse, or disclosure.

Data Deletion & User Rights

You may:

  • Access and correct your personal data through your profile and activity pages
  • Revoke access to connected platforms at any time through the Club Runner settings or the third-party platform's settings (e.g., Strava, Garmin Connect)
  • Delete your account and all associated data — including activity data, GPS data, heart rate data, and stream data — through our Account Deletion page or by emailing joe@gridrungp.com
  • Opt out of AI Coach features by simply not using them — the AI Coach does not process your data unless you actively engage with it

Deleted data may persist in encrypted backups for up to 30 days before being permanently purged.

Children's Privacy

Club Runner is not intended for children under the age of 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete the account and associated data promptly.

International Users

Club Runner is operated from the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of Club Runner after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or would like to request data deletion, please contact: joe@gridrungp.com