Consumer Health Data Privacy Policy

This is a dedicated policy for "consumer health data" as defined by the Washington My Health My Data Act (MHMDA) and Nevada Senate Bill 370. It explains the consumer health data Rundown collects, why we collect it, the categories we share and with whom, and how you can exercise your rights. For everything else, see our full Privacy Policy and Terms.

1. Scope

Rundown is operated by Daniel Nesfeder, an individual based in the United States ("Rundown", "we", "us", "our"). "Consumer health data" means personal information that identifies your past, present, or future physical or mental health status. For Rundown, that includes your heart rate, precise location tied to your physical activity, body weight, and the fitness measurements and scores derived from them. This policy applies to that data regardless of where you live; it is provided in addition to, not instead of, our full Privacy Policy.

2. Consumer Health Data We Collect, and Why

We collect the following categories of consumer health data, and only for the purposes listed:

• Heart rate and heart-rate zones — to compute your run and walk scores (including Zone 2 adherence) and to generate your personalized insights.
• Precise location from your activities (GPS coordinates and route) — to compute scores and, for a brief lookup, to retrieve the historical weather at the start of your activity.
• Body weight that you optionally enter — to calibrate load- and effort-based scoring. It is never shown as a stat, score, or share.
• Physical-activity and fitness data — distance, pace, duration, elevation, cadence, and walk load — to score and explain your activities.
• Derived health-related measurements — the performance scores, trends, and recaps Rundown computes from the above.

We collect consumer health data only with your consent — given when you connect Strava, enable a feature, or enter the data yourself — and only to provide the Service to you. We do not use it to advertise, to profile you, or to train AI models.

3. Sources of This Data

• You and your device — the body weight and heart-rate zones you enter, the plans you import, and the activity metadata you log.
• Strava, on your authorization — your runs and walks and their heart rate, GPS, pace, distance, elevation, and cadence, retrieved through Strava's API after you connect your account.

4. Consumer Health Data We Share, and With Whom

We do not sell your consumer health data, and we do not share it for advertising or with data brokers. We share it only with the service providers (processors) below, only to operate the Service, and only under agreements that bar them from using it for their own purposes:

• Supabase, Inc. (our database) — stores your body weight, heart-rate zones, and the scores and recaps derived from your activity. Your precise GPS coordinates are not stored on our backend; they stay on your device.
• OpenAI, L.L.C. (AI insights) — receives a summary that may include your average heart rate and fitness metrics to generate your insights and weekly recap. We do not send your name, exact GPS coordinates, or body weight.
• OpenWeather Ltd. (weather lookup) — receives the precise start coordinates and timestamp of an activity to return historical weather. No identity is attached.

Our push-notification (Google Firebase Cloud Messaging), email (Resend), and subscription (RevenueCat) providers receive no consumer health data. The categories of third parties with whom we share consumer health data are limited to the database, AI, and weather processors named above; we have no affiliates.

5. Your Rights

You have the right to access the consumer health data we have collected about you, to withdraw your consent, and to have that data deleted, including from our service providers. To exercise these rights:

1. Delete in the app: open Profile → Delete my account and confirm. This revokes Strava access and deletes your data from our backend.
2. Or contact us: email privacy@therundown.app to access, withdraw consent for, or delete your consumer health data. We will respond within 45 days (and may extend once where reasonably necessary, as the law permits). We will not discriminate against you for exercising these rights.

6. No Geofencing

Rundown does not use geofences. We do not establish a virtual boundary around any health-care facility, and we do not use location to identify or track you near such facilities or to send you notifications or advertising based on health services.

7. Changes and Contact

If we make a material change to this policy, we will update the "Last updated" date above and provide notice as required by law. For any question about your consumer health data, contact:

Privacy email: privacy@therundown.app