Privacy Policy
Last updated: 9 February 2026
This Privacy Policy explains how Runqo ("we", "us", "our") processes personal data when you use the Runqo mobile application and website (the "Service").
This policy applies to:
- The Runqo mobile app (iOS & Android)
- The Runqo website / landing page
- All related services
1. Data Controller
- Data Controller: Dušan Pantić
- Postal address: Vlade Danilovica 1B, 14000 Valjevo
- Email: privacy@runqo.app
2. Data We Collect
Account Data
- Username
- Email address
- Password (securely hashed)
- Google account data (if using Google Sign-In)
Profile Data (Optional)
- First and last name
- Date of birth
- City and country
- Height and weight
- Gender
- Favourite race category
- Shirt size
- Profile photo
Profile photos are stored in secure S3-compatible object storage.
Race Activity Data
- Race registrations
- Favourite races / interests
- Gift or merchandise selections
Device & Technical Data
- Device platform (iOS/Android)
- Device name (optional)
- Push notification token
- Device activity timestamps
- Secure authentication tokens
Location Data
- Foreground location permission to display race meetup points
- No background or continuous tracking
- Map services may process IP-based location
Photos
Users may upload a profile picture.
Website Data
When visiting the website:
- Cookies (where used)
- Server access logs (IP address, browser)
Organization Data
For race organizers:
- Organization membership and ownership information
3. Data We Do NOT Collect
We do not:
- Process payments or credit card data
- Use third-party ad networks
- Track users in background location
- Sell personal data
4. Purposes & Legal Bases
| Purpose | Legal Basis |
|---|---|
| Account creation & login | Contract |
| Profile management | Contract |
| Race discovery & registration | Contract |
| Push notifications | Consent |
| Account and security emails (registration confirmation, service-critical notices) | Contract / Legitimate interest |
| Race reminder emails (optional) | Consent |
| Maps display | Contract |
| App analytics (if enabled) | Legitimate interest |
| Sponsored content display | Legitimate interest |
| Personalized race recommendations | Legitimate interest |
5. Sponsored Content
The app displays sponsored commercial content managed internally. It is not served via advertising networks, is not personalized, and no ad tracking is performed.
6. Profiling
Limited profiling is used to recommend races based on favourite race category. This has no legal or significant effect. You may object at any time.
7. Third-Party Services
We use:
| Service | Purpose |
|---|---|
| Firebase | Authentication, push notifications, analytics (if enabled) |
| Google Sign-In | Social login |
| Mapbox | Map display |
| Hetzner | Backend hosting and object storage (Germany) |
| Cloudflare | Website hosting, delivery, and security |
| Amazon Web Services (SES) | Transactional email delivery |
These providers may process data outside the EU under appropriate safeguards.
8. Data Retention
| Data | Retention |
|---|---|
| Account data | Until account deletion |
| Profile data | Anonymized on deletion |
| Race registrations | Retained in anonymized form |
| Profile photos | Deleted when replaced or account deleted |
| Refresh tokens | 7 days (expired retained up to 30 days) |
| Device tokens | Until removal or account deletion |
| Analytics data | Per Firebase settings |
| Local app data | Until uninstall |
9. Security
We use HTTPS encryption, secure token storage, password hashing, rate limiting, and secure image upload mechanisms.
10. Your Rights
You have the right to:
- Access data
- Correct data
- Delete account
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
Account deletion is available in-app.
11. Push Notifications
Push notifications are sent only with consent. You can disable them in device settings.
12. Email Communications
We use your email address to send:
Essential service emails (required):
- Account registration confirmation
- Security notifications or important service-related updates
These emails are necessary to provide the Service and cannot be disabled while you maintain an account.
Optional reminder emails:
- Race reminders and event-related notifications
These are sent only with your consent and can be disabled at any time in the app settings.
We do not send marketing newsletters or promotional emails.
Emails are delivered via Amazon Web Services (SES) or a secure SMTP provider.
13. Children
The Service is not directed to children under [MINIMUM AGE].
14. Calendar Access
The app may add race events to your device calendar with permission. Contacts are not transmitted to our servers.
15. Cookies (Website)
The website may use essential and analytics cookies where applicable.
16. International Transfers
Some providers (e.g., Google services) may process data outside the EU under Standard Contractual Clauses.
17. Changes
We may update this policy. Users will be notified in the app or by email.
18. Contact
Privacy inquiries: privacy@runqo.app