BiegaMy.run · Privacy
Effective: 1 July 2026
Version 1.0

This is a plain-language summary of what data BiegaMy.run collects, why, who we share it with, and how you can delete it at any time. We only describe what the app actually does.

This English page is a summary for international readers. The Polish version is the authoritative document.
01
Who processes your data

The data controller is Filip Jańczak, operating the BiegaMy project (biegamy.run) as a private individual (not a registered business). For anything about your data or privacy, contact biegamy.run@gmail.com. We have not appointed a Data Protection Officer — at this scale it is not required.

02
What we collect and why
03
Legal basis (GDPR)
04
Health data (special category)

We process health data (GDPR Art. 9), depending on what you enter: heart rate, weight, height, BMR/TDEE, meal calories & macros, planned HRV analysis, and optionally blood-test scans in the intake form.

Health data is processed only with your explicit consent, solely to analyse your fitness and support training/nutrition planning. You can delete it anytime. BiegaMy is not a medical service and does not replace a doctor's advice.

05
Who we share data with
Supabase — backend, database, auth, file storage
Our core infrastructure. Stores all account, training and health data and uploaded files. Servers in the European Union (Ireland).
intervals.icu — watch training import
If you connect it, we pull your activities (Garmin/Polar/Coros data) into BiegaMy as workouts. Your API key is stored server-side and never read by the browser. We send intervals.icu nothing beyond what's needed to connect (your id and key).
Anthropic (Claude) — AI reports & analysis
When an AI report, plan or analysis is generated, the relevant training/health data (and training/meal images for recognition) is sent server-side to Anthropic's Claude model to produce the content. Under Anthropic's API policy, data sent via the API is not used to train models (see their privacy policy).
Resend — email delivery
Sends transactional emails and training reports to your address (unless you opt out). Receives your email and message content.
Web Push (Google / Mozilla / Microsoft)
If you enable notifications, the subscription goes to your browser's push service, which delivers the encrypted notification to your device.
Giphy — GIFs in chat
Only your typed search term reaches Giphy. No personal data.
Weather provider
Only your city name is sent to fetch the forecast. No personal data.
GitHub Pages — hosting
The app and its static assets are hosted on GitHub Pages. No personal data is uploaded there — user files go to Supabase.
Strava — optional integration
If connected, we store access tokens to fetch your activities. Fully optional; tokens are removed on disconnect or account deletion.

We do not sell your data or share it with advertisers.

06
Storage & security

Data is stored with Supabase in the European Union (Ireland), over encrypted connections (HTTPS). Row Level Security gates database access (anonymous users have none). The intervals.icu API key is server-side only. Screenshots and blood-test scans live in a private, non-public storage bucket; profile avatars are served from a public URL.

Who can see your data

Your data is accessible to you and your coach (for coaching). To be transparent: the app is in active development and full data isolation between all athlete accounts is still being rolled out — currently some profile data of other athletes may be visible to signed-in users. You can mark your profile private in settings (it is private by default).

07
Retention

We keep your data while your account exists. On deletion, training data, health data and integration keys are removed immediately (see §9). Infrastructure backups may briefly contain data before being overwritten in the normal backup cycle.

08
Your rights (GDPR)

You have the right to access, rectify, erase, restrict, port and object to processing of your data, and to withdraw consent at any time (without affecting prior processing). You may also lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).

09
How to delete your account & data

Delete your account yourself: Profile → Settings → Delete account (you type “USUŃ KONTO” and your password if you use email login).

Your messages and comments intentionally remain with their recipients — but shown as “Deleted user”, unlinked from your identity, so other people's conversations stay coherent.

Coach accounts can't be deleted this way — contact us and we'll handle it manually. You can also disconnect an integration (e.g. intervals.icu) at any time without deleting your account; we then remove the connection key while imported workouts remain.

10
Cookies & browser storage

We use no tracking or advertising cookies. We only use browser localStorage to run the app: your login session token, your chosen theme (bm_theme), and small UI flags (e.g. “already seen” markers). No third-party tracking scripts.

11
Contact & changes

If we update this policy, we'll change the “Effective” date above and announce significant changes in the app.

Questions about privacy or your data? Email:

biegamy.run@gmail.com

Filip Jańczak · BiegaMy.run

← Back to home