Privacy Policy

Last updated: October 2, 2025

Introduction

Running Workouts ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.

Account Information and Authentication

You can use Running Workouts without creating an account to browse workouts. However, if you choose to create an account, we collect the following information:

  • Email address: Required for account identification and authentication (collected from Google when you sign in)
  • Full name: Collected from your Google profile
  • Profile picture: Optional, collected from your Google profile
  • Google account identifier: A unique identifier from Google used to link your account

Purpose of collection: We collect this information to provide personalized features including saving favorite workouts and storing your training preferences (such as pace, measurement units, and heart rate settings).

Legal basis: We process this information based on your consent when you choose to create an account. Account creation is entirely optional—you can browse workouts without signing in.

Data source: This information is collected directly from Google when you authorize our application to access your basic profile information.

Information We Collect

We collect the following types of information to provide and improve our services:

  • Account and Profile Information: When you create an account via Google OAuth, we collect:
    • Email address (required for account identification)
    • Your name (from your Google profile)
    • Profile picture (optional, from your Google profile)
    • Unique account identifier
  • User Preferences: When you customize your experience, we store:
    • Measurement unit preference (kilometers or miles)
    • Personal pace settings (in seconds per kilometer)
    • Maximum heart rate (in beats per minute)
    • These preferences are linked to your account and persist across sessions
  • Saved Workouts: When you favorite workouts, we store:
    • Workout IDs you've saved
    • The date and time you saved each workout
    • This allows you to access your favorite workouts from any device
  • Analytics Data: We collect anonymous analytics data to understand how our service is used and improve the user experience:
    • Google Analytics (via Google Tag Manager): We use Google Analytics to track page views, workout searches, user interactions, and site navigation patterns. This includes anonymized IP addresses, pages visited, time spent on pages, browser type, device information, and general geographic location (country/city level).
    • Cloudflare Analytics: We use Cloudflare's infrastructure to collect additional anonymous analytics data including pages you visit, workout searches and views, and general geographic information.
    • All analytics data is collected anonymously without directly identifying individual users.
  • Session Information: We create anonymous session IDs to track user journeys without identifying individual users. Google Analytics uses its own session tracking, and we also use Cloudflare request headers for session analytics.

Cookies and Tracking

We use the following cookies and tracking technologies:

  • Authentication Cookies: When you sign in, we create a session cookie that keeps you logged in. This session:
    • Expires after 30 days of inactivity
    • Is stored securely in our database
    • Can be cleared by signing out or clearing your browser cookies
    • Uses secure, HTTP-only cookies to prevent unauthorized access
  • Analytics Cookies: Google Analytics (via Google Tag Manager) sets cookies to:
    • Distinguish unique users and throttle request rates
    • Track user sessions and interactions across pages
    • Collect data on page views, events, and site usage patterns
    • These cookies typically expire after 24 months
    • Common cookie names include: _ga, _gid, _gat
  • Preference Storage: We store your unit and training preferences in our database to personalize your experience across devices.
  • Cloudflare Cookies: Cloudflare may set cookies to provide CDN and security services. These are essential for the website to function properly.
  • Local Storage: We store your cookie consent preference in your browser's local storage.

We do not use third-party advertising cookies or sell your data to third parties. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by using your browser's privacy settings.

How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create, maintain, and secure your account
  • Personalization: To save your favorite workouts and remember your training preferences (pace, units, heart rate)
  • Authentication: To verify your identity when you sign in via Google OAuth
  • Service Delivery: To provide account-specific features and sync your data across devices
  • Analytics and Improvement: To understand which workouts are most popular, improve search functionality, and analyze usage patterns
  • Technical Operations: To identify and fix technical issues, maintain security, and ensure service reliability
  • Communication: To send you account-related notifications if necessary (we do not send marketing emails)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Retention

We retain different types of data for different periods:

  • Account Information: Retained for as long as your account remains active. When you delete your account, your personal information is permanently deleted within 30 days.
  • User Preferences and Favorites: Retained with your account and deleted when your account is deleted.
  • Session Data: Active sessions expire after 30 days of inactivity. Expired sessions are automatically purged.
  • Analytics Data: Anonymous analytics data is retained for 30 days and then automatically deleted.
  • Authentication Tokens: OAuth tokens are refreshed periodically and expired tokens are immediately deleted.

We do not store personal identifying information beyond the periods necessary to provide our services and comply with legal obligations.

Third-Party Services

We use the following third-party services to provide and improve our application:

  • Google OAuth: For secure authentication and account creation. When you sign in with Google, Google provides us with your email address, name, and profile picture according to your Google account settings. View Google's privacy policy at policies.google.com/privacy
  • Google Analytics & Google Tag Manager: For website analytics and understanding user behavior. Google Analytics collects anonymous data about page views, user interactions, session duration, and general demographics. We use Google Tag Manager (GTM ID: GTM-5KWR7XDW) to manage analytics tags. Google may use this data in accordance with their own privacy policies. You can opt out of Google Analytics tracking using browser settings or the Google Analytics Opt-out Add-on. View Google Analytics' privacy policy at policies.google.com/privacy and their data usage at How Google uses data
  • Database Hosting: We use a third-party PostgreSQL database provider to securely store your account information, preferences, and favorites. All data is encrypted in transit and at rest.
  • Cloudflare: For CDN, security, and request header information used in analytics. View Cloudflare's privacy policy at cloudflare.com/privacypolicy
  • Redis (Optional): For optional real-time analytics counters. Redis may temporarily cache aggregated, non-personal usage statistics.
  • Hosting Infrastructure: Our application is hosted on secure cloud infrastructure that complies with industry-standard security practices.

All third-party services are carefully vetted for security and privacy compliance. We only share the minimum data necessary for each service to function.

Data Security

We take the security of your personal information seriously and implement industry-standard measures to protect your data:

  • Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols
  • Database Security: User data is stored in encrypted databases with access controls and regular security audits
  • Authentication Security: We use OAuth 2.0 for authentication, which means we never store your Google password
  • Session Management: Authentication sessions use secure, HTTP-only cookies that cannot be accessed by client-side JavaScript
  • Access Controls: Only authorized personnel have access to systems containing personal data, and all access is logged
  • Regular Updates: We regularly update our security measures to address emerging threats

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your personal information using industry best practices.

Your Rights

You have the following rights regarding your personal information:

  • Access your data: Request a copy of all personal information we have about you
  • Correct your data: Update or correct inaccurate information in your profile
  • Delete your account: Permanently delete your account and all associated data by contacting us
  • Export your data: Download your saved workouts and preferences in a portable format (data portability right)
  • Withdraw consent: Stop using our services at any time and request account deletion
  • Object to processing: Object to certain types of data processing where applicable by law
  • Lodge a complaint: File a complaint with your local data protection authority if you believe your rights have been violated
  • Opt-out of analytics: Use browser privacy settings or ad blockers to prevent analytics tracking
  • Clear cookies: Clear your browser cookies and local storage at any time

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days as required by applicable privacy laws.

Account Deletion and Data Erasure

You have the right to delete your account and request erasure of your personal data at any time.

What happens when you delete your account:

  • Your account is immediately deactivated and you can no longer sign in
  • Your email address, name, profile picture, and OAuth credentials are permanently deleted within 30 days
  • All saved workouts and favorites are immediately removed
  • Your training preferences (pace, units, heart rate) are permanently deleted
  • Active sessions are terminated and authentication tokens are revoked
  • Anonymous analytics data may be retained for up to 30 days as described in our retention policy

To delete your account, please contact us using the information provided in the "Contact Us" section below. Account deletion is permanent and cannot be undone.

Children's Privacy

Our service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately so we can delete the information.

International Data Transfers

Running Workouts is operated internationally. If you are accessing our service from outside your country, please be aware that your information may be transferred to, stored, and processed in countries where our servers and database providers are located.

By using our service and creating an account, you consent to the transfer of your information to these countries. We ensure that all data transfers comply with applicable data protection laws and use appropriate safeguards such as standard contractual clauses where required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes to this policy:

  • We will update the "Last updated" date at the top of this page
  • We will notify users via email if the changes significantly affect how we handle personal information
  • We will display a prominent notice on our website for 30 days
  • For registered users, continued use of our services after notification constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need assistance with your account, please contact us:

  • Email: [email protected]
  • Data Protection Requests: For account deletion, data access, or other privacy-related requests, please email us with "Privacy Request" in the subject line
  • Response Time: We will respond to all privacy-related inquiries within 30 days