Privacy Policy

Disclaimer: This document is not legal advice. It describes our current data practices in good faith. Please have it reviewed by a qualified attorney before relying on it.

Effective date: February 15, 2026

Zach Highley LLC ("we," "us," "our") operates the RunQuest mobile application and website at https://runquest.io. This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

1.1 Device & Account Identifiers

When you use RunQuest, a stable runner ID is generated and stored in your device's Keychain. If you sign in with Apple or Google, we associate your identity with your runner ID so your coach memory can sync across devices.

1.2 iOS Permissions & Sensor Data

RunQuest requests the following iOS permissions:

  • Location (including background): Used to track your runs and deliver live coaching. Background location is only active during a workout session and only when you have granted "Always" permission.
  • HealthKit (heart rate): RunQuest reads heart-rate data from Apple Health to power optional live HR coaching during runs. We do not write to HealthKit, and HR data is not uploaded to our servers.
  • Microphone: Used during runs to listen for your configured wake phrase, enabling hands-free coaching.
  • Speech Recognition: Used during runs to transcribe your spoken requests to the coach.
  • Motion & Fitness: Used to improve pacing and cadence estimates during runs.

Audio and speech data are processed on-device or via Apple's speech recognition APIs and are not stored on our servers.

1.3 Coach Memory (Server-Side)

If you enable coach memory (optional, on by default), RunQuest stores personalization data on our backend server keyed by your runner ID. This includes:

  • Coach personality preferences (tone, humor, accent, voice style)
  • Free-form "About You" and "Fitness Goals" notes you enter
  • Facts the coach learns about your running over time

Coach memory is currently stored as JSON files on the backend's persistent disk. You can disable coach memory at any time in the app's Profile settings, and you can reset or delete it (see Section 6).

1.4 Strava Integration (Optional)

If you choose to connect Strava, we store your Strava OAuth tokens on our backend server to enable one-way export of completed runs from RunQuest to your Strava account. We do not import data from Strava. You can disconnect Strava at any time.

1.5 Usage Logs

Our backend logs usage events (coaching requests, errors, token counts) keyed by runner ID to daily log files. These logs help us monitor service health and cost. They do not contain the content of your coaching conversations.

2. How We Use Your Information

  • To provide and personalize AI coaching during and between runs
  • To track your run metrics and progression (quests, streaks, XP, leagues)
  • To export runs to Strava when you have opted in
  • To monitor service reliability, diagnose errors, and manage costs
  • To process subscription purchases via the App Store

3. Third-Party Services

RunQuest uses the following third-party services:

  • OpenAI: Our backend sends coaching prompts (including your runner context and coach memory) to OpenAI's API to generate coaching cues. OpenAI's data usage policies apply to this processing.
  • Sentry: We use Sentry for crash reporting and error tracking in the iOS app. Sentry may receive device metadata and stack traces when errors occur.
  • PostHog: We use PostHog for product analytics in the iOS app. Events are tagged with an app identifier. PostHog captures anonymous usage events to help us improve the product.
  • RevenueCat: We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat processes purchase data through Apple's App Store.
  • Strava: If you connect Strava, we communicate with Strava's API to export your run data. Strava's privacy policy governs their handling of that data.

4. Data Security

We take reasonable measures to protect your data, including:

  • HTTPS for all communication between the app and our backend
  • API key authentication between the app and backend
  • Rate limiting on backend endpoints
  • Security headers (via Helmet) on the backend
  • Sensitive credentials stored in the iOS Keychain

Coach memory is currently stored as unencrypted JSON files on a persistent disk. We plan to migrate to encrypted database storage. No system is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

Coach memory and Strava tokens are retained as long as your account exists. Usage logs are stored in daily files and retained for operational purposes. We do not currently have an automated retention schedule but plan to implement one.

6. Your Choices & Data Deletion

  • Disable coach memory: Toggle off in Profile settings. The backend will stop reading/writing memory for your runner ID.
  • Reset coach memory: Use the "Reset Coach Memory" button in Profile settings, or use the "Delete Account" option to delete all cloud data associated with your signed-in identity.
  • Disconnect Strava: Use the "Disconnect Strava" button in Profile settings to revoke the connection and remove stored tokens.
  • Request full deletion: Email hello@runquest.io with your request. We will delete your runner memory, Strava tokens, and usage logs within a reasonable timeframe.

7. Cookies & Tracking

This website does not use cookies or any website tracking (no Google Analytics, no pixels). The iOS app uses PostHog for product analytics as described above.

8. Children's Privacy

RunQuest is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised effective date.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at hello@runquest.io.

Zach Highley LLC