Privacy Policy

Last updated: April 27, 2026

1. Introduction

TrailRun ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our mobile application and website.

2. Data Controller

Name: Kilian Fradet

Email: contact@trailrunapp.com

3. Data We Collect

We collect the following categories of personal data:

Account Information

  • Email address
  • Name (optional)
  • Password (encrypted)

Profile Information

  • Gender
  • Fitness level
  • Training goals
  • Selected coach preference

Training Data

  • Workout history (distance, elevation, duration)
  • GPS route data during tracking sessions
  • Performance statistics and progression

Technical Data

  • Device type and operating system
  • Language preference

4. Google User Data

If you choose to sign in using Google OAuth, our application will request access to specific Google user data. We comply with all Google API Services User Data Policy requirements:

  • Data Collected: We only collect your email address, name, and profile picture provided by Google authentication to create and manage your TrailRun account.
  • Data Usage: We strictly use this Google user data to provide you with the services you requested (authentication and account management). We do not use Google user data for targeted advertising, training AI models, or any other prohibited purposes.
  • Data Sharing: We do not transfer, disclose, or sell your Google user data to third parties. It is only shared with our secure authentication provider (Supabase) to maintain your login session.
  • Data Protection: Security procedures and encryption are in place to protect the confidentiality of your Google user data both in transit and at rest.

5. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide personalized training programs
  • To track your workouts and display performance statistics
  • To improve and optimize our application
  • To send you important service-related notifications

6. Legal Basis for Processing

We process your personal data based on the following legal grounds (in accordance with GDPR):

  • Contract performance: Processing necessary to provide our services to you
  • Legitimate interest: Improving and securing our application
  • Consent: When you explicitly agree (e.g., GPS tracking)

7. Data Storage and Security

Your data is stored securely on Supabase infrastructure with encryption at rest and in transit. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Passwords are hashed and never stored in plain text.

8. Data Sharing

We do not sell your personal data to third parties.

We may share your data only with the following service providers, strictly necessary for the operation of the application:

  • Supabase: Authentication and database hosting
  • Apple (App Store): Subscription and payment processing

9. Data Retention and Deletion

We store your personal information and Google user data for a period of time that is consistent with our business purposes (as long as your account is active).

You may request for your data to be deleted at any time through the application settings. When the data retention period expires or upon your deletion request, we will delete or destroy it permanently from our servers within 30 days.

10. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable French law, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restriction: Restrict the processing of your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to certain types of processing

To exercise any of these rights, please contact us at contact@trailrunapp.com. We will respond within 30 days.

11. Cookies

Our website uses localStorage to save your language preference. This is not a tracking cookie and does not collect personal data. No third-party cookies or trackers are used on our website.

12. Children's Privacy

TrailRun is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the application or by email. Your continued use of TrailRun after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: contact@trailrunapp.com

You also have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.