Privacy Policy

Last updated: May 16, 2026

Introduction

Runi (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the Runi mobile application and website (collectively, the “Service”).

Information We Collect

We collect information you provide directly, including:

  • Account information: name, email address, and authentication credentials.
  • Health and wellness data: menstrual cycle information, health goals, lifestyle preferences, and life stage details you share during onboarding and ongoing use.
  • Connected device data: health metrics from Apple Health, Oura Ring, or other integrated services you choose to connect.
  • Calendar data: schedule information from Google Calendar if you choose to connect it.
  • Usage data: how you interact with the app, including features used and preferences set.

How We Use Your Information

We use your information to:

  • Generate personalized daily protocols for nutrition, fitness, supplements, and sleep.
  • Adapt recommendations based on your cycle phase, goals, and connected health data.
  • Improve and develop new features for the Service.
  • Communicate with you about your account and Service updates.

AI Processing

Runi uses artificial intelligence to generate personalized health recommendations. Your health data is processed by our AI system to create tailored protocols. We do not sell your data to third-party AI providers. Data sent to AI services for processing is not used to train their models.

Data Storage and Security

Your data is encrypted in transit and at rest. Sensitive health information is stored using industry-standard encryption. We use secure authentication (JWT tokens) and never store passwords in plaintext. On your device, sensitive data is stored using secure storage mechanisms provided by the operating system.

Third-Party Services

We integrate with third-party services only when you explicitly connect them. These include Apple Health, Oura, and Google Calendar. We only access the specific data categories you authorize, and you can disconnect these services at any time.

Subprocessors

Runi relies on the following third-party processors to operate the Service. Each is bound by its own privacy and security commitments, and we send only the data categories listed.

  • Anthropic — generates personalized chat responses, daily protocols, plan recommendations, and fact extractions. Data sent: system prompts, chat messages, profile fields (including cycle phase and life stage), recent cycle entries, recent health metrics from connected devices, extracted facts, and calendar context. Anthropic does not use this data to train their models.
  • Fly.io — application and database hosting (US, San Jose region). Data sent: all data we store on your behalf.
  • Resend — transactional, welcome, and data-export email delivery. Data sent: email address, name, and email body.
  • Sentry — error and crash reporting. Data sent: stack traces and request context from server errors.
  • PostHog — analytics for our marketing website only (not the mobile app). Data sent: page-view events and waitlist form submissions.
  • Apple — Sign In with Apple and HealthKit. Data sent: identity tokens at sign-in. HealthKit metrics remain on your device unless you authorize Runi to read them; see the Apple Health section above.
  • Google — Sign In with Google (OAuth) and Google Calendar integration. Data sent: identity tokens at sign-in; calendar events when you connect Google Calendar.
  • RevenueCat — subscription management. Data sent: subscription state and receipt information. No health data.
  • Expo Push (APNs/FCM) — mobile push notification delivery. Data sent: notification text, which may include personalized summaries such as daily briefing teasers or plan adjustments.
  • Instacart — cart hand-off for grocery lists. Data sent: the grocery list items you choose to send. No health data.

We will update this list as our subprocessors change. Material changes will be communicated in line with the “Changes to This Policy” section below.

Apple Health (HealthKit)

If you choose to connect Apple Health, Runi requests read-only access to the following HealthKit data types:

  • Heart rate
  • Heart rate variability (HRV, SDNN)
  • Resting heart rate
  • Step count
  • Active energy burned
  • Sleep analysis

We never write data to HealthKit. You can revoke access at any time in the iOS Health app under Sharing → Apps → Runi.

HealthKit-derived data is never sold, never shared with data brokers, and never used for advertising or marketing purposes. We do not use HealthKit data to build advertising profiles, and we do not disclose it to third parties for their own marketing.

HealthKit-derived metrics are included in the personalization context Runi sends to its AI provider (Anthropic) to generate your daily protocols, briefings, and chat responses. This disclosure is the only third-party flow of HealthKit data, and it happens solely to deliver Runi’s service to you. Data sent to Anthropic is not used to train their models. If you disconnect Apple Health, no further HealthKit data is read or forwarded.

Data Retention

We retain your personal information for as long as your account is active and for as long as we have a legitimate business or legal need to keep it. The exact length depends on the type of data, the purpose it serves, and any legal obligations we are subject to.

You can request deletion of your account and all associated data at any time through the app settings or by contacting us. When you delete your account, we remove your personal information from our active systems within 30 days, except where we are required to retain specific records by law. Backups containing your data are retained on rotation and are typically purged within 30 days of deletion.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data and account.
  • Export your data in a portable format.
  • Withdraw consent for optional data processing.

Children's Privacy

Runi is not intended for users under the age of 18. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at [email protected].