Privacy Policy

Your runs are yours.

Last updated 2026-05-15 · v0.1

Runstamp is built and operated by Rohith Gilla as a side project. This is a plain-English description of what Runstamp does with your data. The whole codebase is public at github.com/Rohithgilla12/runstamp if you want to read it yourself.

What we collect

From you, directly

• Email address + display name when you sign in with Apple, Google, or email/password. Stored in Firebase Authentication.
• Photos you choose to include in a share card. Photos stay on your device — composed into the share card on-device and saved to your camera roll. We never upload your photo library or the raw photos to our servers.

From Strava (only when you connect it)

• Your athlete profile (id, name, photo).
• Your activity history — distance, time, pace, heart rate, GPS route, splits, calories, elevation. Read-only; Runstamp never writes anything back to Strava.
• An encrypted copy of your Strava access + refresh tokens, used to fetch new activities on your behalf. Encryption is AES-256-GCM with a server-side key.

From Apple Health (only when you grant permission, only on iOS)

• Running workouts, heart rate, route, active energy, running power, vertical oscillation, ground contact time, stride length, cadence, VO2 max.
• Read-only. Apple requires us to declare a "write" permission to read; we never actually write anything back to Health.
• Downsampled to ≤500 points per stream before leaving your device.

What we DON'T collect

• Analytics or behavioural tracking (no Google Analytics, no Firebase Analytics, no Aptabase, no Mixpanel — nothing).
• Crash reports beyond your device's native logging unless you opt in (we'll prompt before enabling Crashlytics, currently disabled).
• Your contacts, calendar, microphone, or any data outside running.
• Ad identifiers (IDFA / GAID). Runstamp does not show ads.

What we share

Nothing. Runstamp has no third-party data partners, no ad networks, no analytics SaaS. Sharing a run happens on your device — you tap "Save to camera roll" and post the resulting image to Instagram, WhatsApp, or X yourself. Runstamp never posts on your behalf and never sees those posts.

Where the data lives

• Authentication: Firebase (Google Cloud) — your sign-in identity only.
• Activities + tokens: a PostgreSQL database on a private VPS (Oracle Cloud, Mumbai region), only reachable through a Cloudflare Tunnel. The database is not exposed to the public internet.
• Photos for share cards: never leave your device.

How long we keep it

For as long as your account exists. Account deletion is a single tap in the Runstamp app: Settings → Delete account. We hard-delete your user row + cascade-delete every connected account + every activity within 30 days. Backups roll forward within 60 days so a deleted record disappears from the backup line within two months.

Disconnecting Strava

Settings → Connections → Strava → Disconnect. This hard-deletes your encrypted Strava tokens from our database. Already-imported activities remain in Runstamp unless you also tap "Clear my imported activities" — that's a separate decision.

Children

Runstamp is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Security

• OAuth tokens are AES-256-GCM encrypted at rest.
• HTTPS-only via Cloudflare; no plaintext API traffic.
• Firebase ID tokens are short-lived JWTs verified server-side on every request.
• The Strava client secret never ships in the mobile app — token exchange happens on the server.

Changes

If this policy changes materially we'll bump the "Last updated" date at the top and surface a notice in the app on next launch.

Contact

Privacy questions, deletion requests, or anything else: email privacy@gilla.fun, or open an issue at github.com/Rohithgilla12/runstamp/issues.