Legal

Privacy Policy

Last updated: 17 March 2026

1. Introduction

Vantage Run (“we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect data when you use the Vantage Run mobile application and related services (collectively, the “Service”).

By using Vantage Run, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information we collect

2.1 Information you provide directly

  • Account information — email address and password when you register.
  • Training profile — your race goal, race date, available equipment, and preferred training frequency.
  • Strength calibration data — the number of repetitions you complete during benchmark exercises.
  • Session logs — exercises, sets, reps, and any notes you enter during strength sessions.

2.2 Information from Strava

When you connect your Strava account, we request the following permissions and collect the following data with your explicit consent:

  • Athlete profile — your Strava athlete ID, name, and profile information.
  • Activity data — your recorded running activities, including distance, duration, pace, heart rate, cadence, elevation, and GPS route data.

We request only the minimum scopes required: read, activity:read_all, and profile:read_all. We never post to Strava on your behalf, modify your activities, or request write permissions.

2.3 Information collected automatically

  • Usage data — which screens you visit, features you use, and actions you take within the app.
  • Device information — device type, operating system version, and app version.
  • Crash reports — anonymous error logs to help us fix bugs.

3. How we use your information

We use the information we collect to:

  • Generate and adapt personalised running and strength training plans.
  • Analyse your Strava activity data to assess fitness trends, pace progression, and weekly training load.
  • Provide AI-powered coaching insights via the Anthropic Claude API (see Section 5).
  • Send you training reminders and plan update notifications (with your consent).
  • Improve the accuracy and quality of our training algorithms.
  • Respond to your support requests.
  • Comply with legal obligations.

We do not use your data for advertising purposes, and we do not sell your personal data to third parties.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal basis for processing your personal data is:

  • Contract performance — processing necessary to provide the Service you have signed up for.
  • Legitimate interests — improving our Service, preventing fraud, and ensuring security.
  • Consent — for connecting your Strava account and for marketing communications. You may withdraw consent at any time.
  • Legal obligation — where we are required to process data to comply with applicable law.

5. Third-party services

5.1 Strava

Vantage Run integrates with Strava via their official API. Your use of Strava is governed by Strava’s Privacy Policy. We access your Strava data only with your explicit authorisation and only to the extent required to provide the Service.

5.2 Anthropic (Claude AI)

To generate and adapt your training plans, we send relevant training data (your goal, fitness level, recent activity summaries, and strength calibration results) to the Anthropic Claude API. This data is used solely to generate your training plan and is not used to train Anthropic’s models. Anthropic’s data handling is governed by their Privacy Policy.

We do not send your name, email address, or any directly identifying information to Anthropic. Data is referenced by an anonymous internal identifier only.

5.3 Hosting and infrastructure

Our backend API is hosted on Heroku (Salesforce). Your data is stored in PostgreSQL databases hosted within Heroku’s infrastructure. Heroku’s data handling practices are governed by their Privacy Policy.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained until you delete your account.
  • Activity data synced from Strava — retained for the duration of your account. You can disconnect Strava at any time to stop future syncing; previously synced data will be deleted within 30 days of disconnection.
  • Training plans and session logs — retained for the duration of your account.
  • Usage and crash logs — retained for up to 90 days.

When you delete your account, all personal data is permanently deleted within 30 days, except where we are required to retain it by law.

7. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit using TLS.
  • Encryption of sensitive tokens (Strava access and refresh tokens) at rest.
  • JWT-based authentication with token revocation.
  • Regular security reviews of our codebase and infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry-standard practices.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@vantagerun.app. We will respond within 30 days.

9. Children's privacy

Vantage Run is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

10. International data transfers

Your data may be transferred to and processed in countries outside your own, including the United States, where our infrastructure providers operate. Where required, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or by email before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Bingsviken Consulting AB

Email: privacy@vantagerun.app