Privacy Policy

The short version

• Your raw GPS coordinates are never stored in our database. Each position your phone sends is converted to a hexagon identifier in memory, the hexagon ID is saved, and the latitude and longitude are discarded immediately.
• The only location data we keep is the list of hexagons you visited during a match — never your actual path.
• Completed matches (and every hexagon visit recorded inside them) are auto-deleted within 24 hours of the match ending. Solo Train games are deleted within 20 minutes.
• What survives long-term is your account profile and your career totals (games played, wins, rating, streak) — and only until you delete your account.
• We use Google Sign-In, so we receive your Google account name, email, and profile photo — only what you would share with any app you sign into with Google.
• We do not sell your data. We do not show you ads. We do not use third-party tracking.
• You can delete your account from inside the app at any time, which permanently removes everything we hold about you.

The rest of this document is the full version, written in plain English. The legal precision is real; the legalese is not.

Who is responsible for your data

The data controller is Stefano Tommesani, based in Spain. You can reach us about anything in this policy at info@run4funapp.com.

"Run4Fun," "we," "us," and "our" all refer to the same entity throughout this document.

What we collect, and why

Account information (from Google Sign-In)

When you sign in with your Google account, Google shares with us:

• A unique identifier (Firebase UID) that lets us recognize you across sessions
• Your email address
• Your display name (as set in your Google profile)
• Your profile photo URL (if set)

Legal basis: performance of a contract — we cannot provide the game without identifying who is playing.

Gameplay data (hexagon visits)

While you play a match, your phone sends batches of GPS readings (latitude, longitude, accuracy, speed, time) to our servers. Each reading is converted in memory to a hexagon identifier on the global H3 grid, and the raw latitude and longitude are discarded immediately. They are never written to our database, and they are not written to any of our log files. The buffer table that holds in-flight positions does not have columns for latitude or longitude — only for the hexagon identifier, timestamp, and player/game references.

For each hexagon you cross during a match, we keep a short-lived record containing:

• The hexagon identifier (an H3 index — a short alphanumeric string for one cell on a fixed worldwide grid)
• The match ID
• The time of the visit
• Your player ID

These hexagon-visit records live only as long as the match itself, which is auto-deleted within 24 hours of the match ending (within 20 minutes for solo Train games — see How long we keep things).

Legal basis: performance of a contract — this is how the game works.

We do not store: raw GPS coordinates at any point, your running route, your physical address, your home or workplace location, your stride length, or any reconstruction of where you were over time. Hexagons are coarse — at the default game resolution each cell is around 60 metres across, so we know you crossed a particular cell but never exactly where inside it you were. The hexagon record gives only a rough idea of where you ran, never a trace.

Match results — short-lived, plus career totals

Each match has a short-lived record (who played, who won, how many hexagons each player captured, final scores). That record is auto-deleted within 24 hours of the match ending (within 20 minutes for solo Train games), and deleting it removes every hexagon-visit row attached to that match at the same time.

Separately, your career totals on your profile — total games played, total wins, total hexagons captured, total distance run, your Elo-style rating, current streak — are kept on your account row and updated after each match. These survive past the per-match cleanup and are how leaderboards and your profile page work.

Legal basis: performance of a contract.

Technical logs

Our servers automatically log standard technical information about each API request: timestamp, HTTP method and path, response status, request duration, your Firebase UID once you're signed in, the user-agent string, and the IP address the request came from. These structured access logs are written to a rolling file (kept for 30 days) and to Microsoft Application Insights for diagnostics (default Azure retention, typically 90 days).

Legal basis: legitimate interest in operating the service securely and diagnosing problems.

What we do not do

The following statements are commitments, not aspirations:

• We do not sell your personal data to anyone, ever.
• We do not show ads in the app, and we do not run ad-tracking on the website.
• We do not embed third-party analytics that profile you (Facebook Pixel, Google Ads conversion tracking, etc.).
• We do not store raw GPS coordinates anywhere — not in the database, not in log files, not even temporarily. They are converted to a hexagon identifier in memory the moment they arrive and then discarded.
• We do not reconstruct or store your running route. Only the list of hexagons you crossed in a match is recorded, and that list is deleted with the match.
• We do not share your data with data brokers.
• We do not use your data to train AI models.

Who else processes your data

We use a small set of trusted service providers ("processors" under GDPR) to actually run the service. Each one only sees the data they need:

We have data processing agreements in place with these providers where GDPR requires them. We do not transfer personal data outside the European Economic Area unless that transfer is covered by Standard Contractual Clauses or an adequacy decision.

How long we keep things

What deletion looks like in practice. Most of your gameplay data is already gone within a day of the match it relates to, because completed matches are cleaned up on the schedule above. When you delete your account, we hard-delete your account row and everything still attached to it — your career totals, any recent matches that have not yet been auto-cleaned, every hexagon-visit record we still hold, anything in the GPS processing buffer, and any display-name moderation flags. There is no "Deleted player" placeholder: your account simply ceases to exist.

Account deletion is permanent and irreversible. There is no soft delete, no recycle bin, no grace period, and no backup we can restore from. Once you confirm deletion, your profile, your career totals, your rating, your streak, your past matches, and every record tying you to them are gone — and we have no technical way to bring them back, even if you ask us to. If you sign up again with the same Google account afterwards, you will get a fresh account with everything reset to zero.

Your rights under GDPR

If you are in the EU/EEA, you have the following rights over your personal data. You can exercise any of them at any time by emailing info@run4funapp.com:

• Access — request a copy of what we hold about you
• Rectification — correct anything that is wrong
• Erasure — delete your account and all associated data (also available in-app: Profile → Delete Account). Erasure is permanent: see the warning at the end of How long we keep things.
• Portability — get your data in a machine-readable format
• Restriction — ask us to pause processing in specific circumstances
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent, withdraw it at any time

We will respond to any of these requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Agencia Española de Protección de Datos (the Spanish data protection authority) or your local supervisory authority.

Children

Run4Fun is intended for users aged 16 and older. We do not knowingly collect data from anyone younger. If you believe a minor under 16 has created an account, please contact us and we will delete the account promptly.

Security

We protect your data with industry-standard measures: TLS encryption for all data in transit, encrypted storage at rest, access controls limiting who on our team can see what, secure storage of authentication tokens on your device using the Android Keystore, and regular review of our infrastructure for vulnerabilities. No system is perfectly secure, but we work to make ours as secure as it can reasonably be.

Changes to this policy

If we make material changes to this policy, we will notify you in the app before the changes take effect, so you have a chance to review them. Non-material changes (clarifications, fixes to typos, new contact addresses) will be reflected on this page with an updated "Last updated" date.

Contact

For any privacy question, request, or complaint, email info@run4funapp.com. We aim to respond within 5 working days, and always within the 30-day GDPR limit.