Legal

Privacy Policy

Last updated: 21 April 2026

GoAnd.Run ("we", "us", "our") is an AI-powered running coach that connects to third-party services including Strava and Oura to provide personalised training plans and coaching feedback. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

1. Data We Collect

Account Information

When you create an account, we collect your name and email address.

Strava Data

When you connect your Strava account, we request read and activity:read_all permissions. We import your running activities including:

  • Activity metadata (date, duration, distance, type)
  • Performance data (pace, heart rate, cadence, power)
  • Elevation and GPS route data
  • Activity streams (time-series data for detailed analysis)

We never post to Strava or modify your Strava data.

Oura Data

When you connect your Oura ring, we request access to the following data scopes to inform your training recommendations:

  • Daily summaries — readiness, sleep, and activity scores
  • Heart rate — resting heart rate and heart rate variability (HRV) trends
  • Personal information — age, weight, and height for coaching context
  • Workout data — exercise sessions detected by your ring
  • Session data — breathing and meditation sessions
  • Stress data — daytime stress levels

We use this data in read-only mode and never modify your Oura data.

Coaching Interactions

We store training plans, coaching feedback, weekly reviews, and session adjustments generated by the AI coaching engine, as well as your check-in responses and preferences.

2. How We Use Your Data

We use your data exclusively to provide the GoAnd.Run coaching service:

  • Generating personalised training plans based on your fitness data and goals
  • Providing AI coaching feedback on individual sessions
  • Adapting your training plan based on recovery data, sleep quality, and readiness scores
  • Producing weekly training reviews and session adjustments
  • Tracking training load, fitness, and fatigue metrics
  • Factoring Oura recovery and sleep data into training intensity recommendations

3. AI Processing

GoAnd.Run uses AI language models from multiple providers to generate coaching feedback and training plans. When generating coaching content, relevant portions of your activity and recovery data are sent to these providers' APIs for processing.

Anthropic (Claude)

Used for training plan generation and plan adaptation. Data sent to Anthropic is not used to train their models and is not stored beyond the duration of the API request.

OpenAI (GPT)

Used for session coaching feedback, weekly training reviews, session adjustments, and recovery insights. Data sent via the API is not used to train OpenAI's models. For details, see OpenAI's API Data Privacy.

MiniMax (fallback)

Used as a fallback provider if the primary AI services are unavailable. For details on how MiniMax handles data, see MiniMax's Privacy Policy.

For all providers, your data is:

  • Used solely to generate your coaching response
  • Transmitted securely over encrypted connections
  • Not shared with any other third parties by the AI provider

4. Payments & Billing

Paid subscriptions are processed exclusively by Stripe, a PCI-compliant payment provider. When you upgrade to Coach, Stripe handles the entire payment flow on their own secure checkout page.

GoAnd.Run never sees, stores, or transmits your card details. Specifically:

  • Card number, expiry, CVC and billing postcode are captured directly by Stripe on their hosted checkout page
  • We store only a Stripe customer reference (cus_xxx), the card brand, and the last 4 digits for display purposes
  • Subscription status, invoice history, and receipts live in Stripe's systems and are accessible from your billing portal

When you delete your account, we cancel any active subscription immediately and delete your Stripe customer record so that no personally identifying data is retained on the Stripe side beyond what Stripe itself must keep for tax and regulatory compliance (see Section 7).

For details on how Stripe handles data, see Stripe's Privacy Policy.

5. Data Sharing

We do not sell, license, or share your personal data with advertisers, data brokers, or any other third parties. Your data is only shared with:

  • Anthropic — for training plan generation and adaptation (see Section 3)
  • OpenAI — for session feedback, weekly reviews, session adjustments, and recovery insights (see Section 3)
  • MiniMax — as a fallback provider when primary services are unavailable (see Section 3)
  • Stripe — for subscription billing and payment processing (see Section 4)
  • Infrastructure providers — our hosting and database providers, who process data on our behalf under appropriate data processing agreements

Oura may collect certain usage data and information related to your use of the Oura API through GoAnd.Run for their own business purposes. For details, see Oura's Privacy Policy.

6. Data Security

We employ commercially reasonable administrative, technical, and physical measures to protect your data, including:

  • All data transmitted over HTTPS/TLS encrypted connections
  • API tokens for Strava and Oura are encrypted at rest in our database
  • Access to production systems is restricted and authenticated
  • Regular security updates to application dependencies

7. Data Retention

We retain your data for as long as your account is active and as necessary to provide the coaching service. Cached data from third-party APIs is not retained beyond 60 days.

When you delete your account or request data deletion, all your personal data is permanently removed, including imported activities, training plans, coaching feedback, and any stored Strava or Oura tokens. We also cancel any active Stripe subscription and delete your Stripe customer record.

Stripe, as our payment processor, may retain transaction records (amount, date, subscription ID) for their own tax, accounting and regulatory compliance obligations. This retention is outside our control and is required by UK and EU law for financial record keeping. No personally identifying information is retained for this purpose beyond what Stripe needs to maintain a historical audit trail.

8. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Deletion — delete your account and all associated data at any time from your profile settings, or by emailing us
  • Disconnect — revoke Strava or Oura access at any time from your dashboard, or directly from Strava's app settings or Oura's account settings
  • Portability — request your data in a portable format
  • Withdraw consent — withdraw consent for data processing at any time

To exercise any of these rights, email [email protected].

9. Cookies

We use only essential cookies required for authentication and session management. We do not use analytics, advertising, or tracking cookies.

10. Children's Privacy

GoAnd.Run is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the service. Your continued use of GoAnd.Run after changes take effect constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].