This is a plain-language summary of what data BiegaMy.run collects, why, who we share it with, and how you can delete it at any time. We only describe what the app actually does.
The data controller is Filip Jańczak, operating the BiegaMy project (biegamy.run) as a private individual (not a registered business). For anything about your data or privacy, contact biegamy.run@gmail.com. We have not appointed a Data Protection Officer — at this scale it is not required.
- Account & identity — email, name, optionally phone, date of birth, gender, city, profile photo. For running your account and personalising the app.
- Training data — workouts (distance, time, pace, elevation, calories, feel, comments), personal bests, race goals, sign-ups, watch/app screenshots, mini-game results. For logging and analysing training with your coach.
- Health data (see §4) — heart rate, weight, height, BMR/TDEE, meal calories & macros, and optionally blood-test scans in the intake form. For fitness and nutrition analysis.
- Coarse location — the city name you provide, used only for weather. No GPS.
- Communication — messages and comments with your coach and friends, notifications.
- Technical — login session and, if you enable them, a push subscription id and browser type.
- Integration keys — if you connect intervals.icu (or Strava), the data needed for the connection (see §5).
- Performance of a service (Art. 6(1)(b)) — running your account, logging training, coach–athlete communication.
- Your consent (Art. 6(1)(a)) — push notifications, integrations (intervals.icu, Strava), AI report generation. Withdrawable anytime.
- Explicit consent for health data (Art. 9(2)(a)) — health data is provided voluntarily and processed only with your explicit consent.
- Legitimate interest (Art. 6(1)(f)) — app security and abuse prevention.
We process health data (GDPR Art. 9), depending on what you enter: heart rate, weight, height, BMR/TDEE, meal calories & macros, planned HRV analysis, and optionally blood-test scans in the intake form.
Health data is processed only with your explicit consent, solely to analyse your fitness and support training/nutrition planning. You can delete it anytime. BiegaMy is not a medical service and does not replace a doctor's advice.
We do not sell your data or share it with advertisers.
Data is stored with Supabase in the European Union (Ireland), over encrypted connections (HTTPS). Row Level Security gates database access (anonymous users have none). The intervals.icu API key is server-side only. Screenshots and blood-test scans live in a private, non-public storage bucket; profile avatars are served from a public URL.
Who can see your data
Your data is accessible to you and your coach (for coaching). To be transparent: the app is in active development and full data isolation between all athlete accounts is still being rolled out — currently some profile data of other athletes may be visible to signed-in users. You can mark your profile private in settings (it is private by default).
We keep your data while your account exists. On deletion, training data, health data and integration keys are removed immediately (see §9). Infrastructure backups may briefly contain data before being overwritten in the normal backup cycle.
You have the right to access, rectify, erase, restrict, port and object to processing of your data, and to withdraw consent at any time (without affecting prior processing). You may also lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).
Delete your account yourself: Profile → Settings → Delete account (you type “USUŃ KONTO” and your password if you use email login).
- Permanently deleted: all workouts, nutrition data, health data and intake form (including blood-test scans), personal bests, notifications, push subscriptions, game data, the intervals.icu API key and Strava tokens, race sign-ups, posts and friendships.
- Profile anonymised — personal data removed, profile marked “Deleted user”; the login account is deactivated and stripped of personal data.
- Files (photos, screenshots, scans) are removed from storage.
Your messages and comments intentionally remain with their recipients — but shown as “Deleted user”, unlinked from your identity, so other people's conversations stay coherent.
Coach accounts can't be deleted this way — contact us and we'll handle it manually. You can also disconnect an integration (e.g. intervals.icu) at any time without deleting your account; we then remove the connection key while imported workouts remain.
We use no tracking or advertising cookies. We only use browser localStorage to run the app: your login session token, your chosen theme (bm_theme), and small UI flags (e.g. “already seen” markers). No third-party tracking scripts.
If we update this policy, we'll change the “Effective” date above and announce significant changes in the app.