runbot Privacy Policy

Effective 2026-05-21

runbot is a small companion app for an iMessage running-bot. It exists to keep you signed in and to forward your Apple Health workouts to your iMessage crew chat, where leaderboards and conversation actually live. This policy describes what we collect, what we do with it, and how to delete your account.

What we collect

Health & Fitness data. Running workouts you record in any app that writes to Apple Health (Strava, Apple Watch, Nike Run Club, and so on). We read each new running workout's distance, duration, heart rate (if recorded), elevation gain, calories (if recorded), and GPS route polyline. We use this to compute crew leaderboard stats and to announce your runs in your iMessage group chat.
Precise location. GPS coordinates from each workout's route, transmitted as a polyline string. If you enable the "hide GPS endpoints" privacy setting in the app, our server trims approximately the first and last 8% of each polyline before serving it to crew members (so your home location stays private).
Phone number. Collected when you sign up via SMS one-time passcode. Your phone number is your iMessage handle so our bot can message you in your group chat.
Display name. A name you choose. Shown on leaderboards and in run-announcement messages in your iMessage group chat.
Account identifier. An internal UUID that links your data together server-side.
Strava connection (optional). If you import a Strava archive ZIP, we ingest your historical activities from that file. We do not store your Strava credentials.
Group chat membership. When runbot is added to an iMessage group chat, we record each member's iMessage handle and their membership in that group, even if they have never sent runbot a direct message. This is the minimum needed to attribute runs announced in the group to crew members. Any participant can remove runbot from the group at any time (Messages → Details → Remove), which stops further recording.

What we don't do

We do not sell your data to anyone.
We do not show ads in the app, and we do not run any third-party advertising or analytics SDKs.
We do not track you across other apps or websites.
We do not retain your data after you delete your account, except where required by law.

How your data flows

The runbot iOS app reads workouts from Apple Health on your iPhone and uploads each new workout to api.runbot.fit (our backend).
Our backend stores your activity rows and triggers a message to your iMessage group chat through an iMessage relay we operate.
Twilio's Verify product sends the one-time SMS codes used for signup. Twilio processes your phone number for that purpose only.
Anthropic provides the language model used by the in-chat bot's chatbot replies. Chatbot messages and a small amount of context (your display name, crew name, recent run stats) are sent to Anthropic to generate the bot's response. Anthropic does not train on this data per their commercial terms.
Mapbox renders map tiles and computes reverse-geocoded location names for the iOS app's run-map screens. We send Mapbox the coordinates of polyline endpoints to resolve a human-readable place name (for example "Presidio · San Francisco, CA"). We do not send Mapbox any account identifier or phone number.
GraphHopper computes turn-by-turn route geometries when you ask runbot to generate a route. We send GraphHopper the start coordinate and a target distance; we do not send any account identifier or phone number.
No other third-party services have access to your data.

How we store and protect your data

Activity and account data are stored in our managed Postgres database (Neon, us-west-2).
Our backend runs on Fly.io in the sjc region. Fly is our compute host; it processes data in transit and at rest while our application code is executing, and does not access the database or our object storage independently.
DNS for our domains is managed at GoDaddy. GoDaddy resolves api.runbot.fit and runbot.fit to our hosts but does not process the data that travels over those connections.
All network traffic between the app and our backend is encrypted with TLS.
OAuth tokens (if you connect external services) are encrypted at rest with a per-deployment encryption key.
The iMessage relay runs on a Mac under our control. Messages it sends and the chat-handle allowlist of who can receive them are scoped to your registered group chats only. The relay reaches our backend over a private network.

Your rights

Delete your account. Open the app → tap the gear icon → Settings → "Delete account". This permanently deletes your account, all your recorded activities, and your membership in every crew. Crews you created stay alive; ownership transfers to the next-longest-tenured member. This action cannot be undone.
Export your data. Email the address below and we will send you a JSON dump of your account within 30 days.
Disconnect Apple Health. iOS Settings → Privacy & Security → Health → runbot → toggle off. After this, we stop receiving new workouts. Historical workouts already uploaded remain unless you delete your account.

Children

runbot is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete the account.

Changes to this policy

Material changes (collecting new categories of data, adding new third parties, changing how we use existing data) will be announced in-app before they take effect. The effective date at the top of this page reflects the most recent update.

Contact
Email: privacy@runbot.fit
For account deletion requests outside the app, include the phone number used at signup so we can locate your account.