Legal

Privacy Policy

Last updated: 26 March 2026

GoAnd.Run ("we", "us", "our") is an AI-powered running coach that connects to third-party services including Strava and Oura to provide personalised training plans and coaching feedback. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

1. Data We Collect

Account Information

When you create an account, we collect your name and email address.

Strava Data

When you connect your Strava account, we request read and activity:read_all permissions. We import your running activities including:

  • Activity metadata (date, duration, distance, type)
  • Performance data (pace, heart rate, cadence, power)
  • Elevation and GPS route data
  • Activity streams (time-series data for detailed analysis)

We never post to Strava or modify your Strava data.

Oura Data

When you connect your Oura ring, we request access to the following data scopes to inform your training recommendations:

  • Daily summaries — readiness, sleep, and activity scores
  • Heart rate — resting heart rate and heart rate variability (HRV) trends
  • Personal information — age, weight, and height for coaching context
  • Workout data — exercise sessions detected by your ring
  • Session data — breathing and meditation sessions
  • Stress data — daytime stress levels

We use this data in read-only mode and never modify your Oura data.

Coaching Interactions

We store training plans, coaching feedback, weekly reviews, and session adjustments generated by the AI coaching engine, as well as your check-in responses and preferences.

2. How We Use Your Data

We use your data exclusively to provide the GoAnd.Run coaching service:

  • Generating personalised training plans based on your fitness data and goals
  • Providing AI coaching feedback on individual sessions
  • Adapting your training plan based on recovery data, sleep quality, and readiness scores
  • Producing weekly training reviews and session adjustments
  • Tracking training load, fitness, and fatigue metrics
  • Factoring Oura recovery and sleep data into training intensity recommendations

3. AI Processing

GoAnd.Run uses AI language models (provided by Anthropic) to generate coaching feedback and training plans. When generating coaching content, relevant portions of your activity and recovery data are sent to Anthropic's API for processing. This data is:

  • Used solely to generate your coaching response
  • Not used by Anthropic to train their models
  • Not stored by Anthropic beyond the duration of the API request
  • Transmitted securely over encrypted connections

4. Data Sharing

We do not sell, license, or share your personal data with advertisers, data brokers, or any other third parties. Your data is only shared with:

  • Anthropic — as described in Section 3, for AI coaching generation
  • Infrastructure providers — our hosting and database providers, who process data on our behalf under appropriate data processing agreements

Oura may collect certain usage data and information related to your use of the Oura API through GoAnd.Run for their own business purposes. For details, see Oura's Privacy Policy.

5. Data Security

We employ commercially reasonable administrative, technical, and physical measures to protect your data, including:

  • All data transmitted over HTTPS/TLS encrypted connections
  • API tokens for Strava and Oura are encrypted at rest in our database
  • Access to production systems is restricted and authenticated
  • Regular security updates to application dependencies

6. Data Retention

We retain your data for as long as your account is active and as necessary to provide the coaching service. Cached data from third-party APIs is not retained beyond 60 days.

When you delete your account or request data deletion, all your personal data is permanently removed, including imported activities, training plans, coaching feedback, and any stored Strava or Oura tokens.

7. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Deletion — delete your account and all associated data at any time from your profile settings, or by emailing us
  • Disconnect — revoke Strava or Oura access at any time from your dashboard, or directly from Strava's app settings or Oura's account settings
  • Portability — request your data in a portable format
  • Withdraw consent — withdraw consent for data processing at any time

To exercise any of these rights, email [email protected].

8. Cookies

We use only essential cookies required for authentication and session management. We do not use analytics, advertising, or tracking cookies.

9. Children's Privacy

GoAnd.Run is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the service. Your continued use of GoAnd.Run after changes take effect constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].