Privacy Policy

XYBERRUN Privacy Policy

This Privacy Policy explains how XyberRun ("we", "us", or "our") collects, uses, discloses, and safeguards information when you use our mobile apps, website (including xyberrun.io), and related services (collectively, the "Service").

1. Information we collect

You provide

Automatically or from integrations

Blockchain / digital assets (if offered)

If we offer wallet or on-chain features, we may collect wallet addresses, transaction-related data, and age verification data as required for those features.

Storage: Core account and application data for the Service (including early-access signups on xyberrun.io) is stored in PostgreSQL databases hosted by Neon (managed cloud PostgreSQL).

We do not sell your personal data for money.

Account & profile: email, username, password (or equivalent), profile photo, bio, gender, birthday (where

Body metrics (optional): for example height and weight when you use features that rely on them for estimates.

Profile location: country, city, and state or region (for example when you sign up, edit your profile, or use

Emergency & medical (optional): emergency contact (name, phone, relationship) and medical information you

Content you create: posts, comments, messages, runs, routes, and similar.

Device & usage: device type, OS, app interactions, diagnostics, crash data, and similar data used to operate

Location: GPS routes and activity location when you record or share activities; we may also use device or

Authentication: when you use Google, Apple, or X sign-in, we receive identifiers and profile information the

Third-party devices or apps if you connect them.

2. How we use information

We use information to:

Create and manage accounts; authenticate users.

Provide run tracking, stats, leaderboards, social, challenges, events, and related features.

Compute fitness estimates (for example VO₂ max, lactate threshold, power) where offered; these are estimates only, not medical

Secure the Service, detect abuse, and prevent fraud.

Send service and account-related messages (for example password resets or critical notices).

Improve the product through aggregated or anonymized analytics.

Display emergency and medical information on screens you enable (such as during an active run) and transmit it to your

3. Sign in with Google, Apple, and X; Clerk

Sign-in and account security are provided through our authentication partner Clerk. Clerk processes authentication on our behalf as described in their documentation and policies ( Clerk Privacy Policy).

Your use of Google, Apple, and X is also governed by their respective terms and privacy policies (for example X Privacy Policy and X Terms of Service).

4. Location and maps

You can limit location permissions in device settings; doing so may limit GPS-based features.

GPS is used to record routes and activities when you use those features.

We may use device or entered location to help fill or confirm profile location fields.

On your profile, others may see country (for example a flag), and city/region text depending on your privacy settings. Country

Maps, routes, and activity location when you share or post are controlled in run/share flows as well as through profile settings.

5. Profile visibility and privacy controls

You can control aspects of your information in the app (for example under Settings → Privacy), which may include who can see your name, city/region, activity maps, routes, DMs, birthday, and social links (subject to app version and feature availability). Account actions such as correcting data, export or download where offered, account deletion, and marketing preferences where applicable.

6. Emergency and health data

Emergency and medical information is optional. Such data is:

You can add, edit, or delete this data in Settings > Safety & Emergency (or equivalent) in the app.

Encrypted at rest in our PostgreSQL database (hosted on Neon).

Shown only on screens you enable (such as the active run screen).

Sent to your designated emergency contact only when a fall-detection (or similar) alert triggers, as described in the product.

Not sold to advertisers or data brokers; not used for advertising profiling.

7. Sharing information

We may share information:

We do not sell your personal information to third parties (as commonly understood in U.S. state privacy laws).

With other users according to your visibility settings and what you post or share.

With service providers that help us host the Service, store data (including Neon), authenticate users (Clerk), send email,

For legal or safety reasons when required by law or to protect rights, safety, or the public.

8. Data security

We use technical and organizational measures (such as encryption in transit, encryption for certain sensitive data at rest, access controls, and monitoring) appropriate to the nature of the Service. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Data retention and your choices

We retain information while your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. You may request deletion of your account and associated personal data in the app (where available) or by contacting us. Some data may persist in backups for a limited period or where law requires retention.

10. Children's privacy (COPPA)

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13 in a manner inconsistent with COPPA and similar laws. If you believe we have collected information from a child under 13, contact us at [email protected] and we will take appropriate steps, including deletion where required.

11. Blockchain and digital assets (if offered)

If we offer crypto or NFT features, they are financial in nature and may be limited to users 18+. We may process wallet-related data and verification data as described in this policy and as required by law. Third-party wallet or network providers' practices apply to data they collect.

12. International transfers

Your information may be processed in the United States and other countries where we or our service providers operate. Those countries may have different data protection laws. Where required, we use appropriate safeguards.

13. Third-party links

The Service may link to third-party sites or services. We are not responsible for their privacy practices. Review their policies before providing information.

14. Cookies and similar technologies

Our website may use cookies or similar technologies as described in our site practices. The mobile apps may use local storage, analytics, and crash reporting as needed to operate and improve the Service. You may control some tracking through device or browser settings.

15. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, port, object to, or restrict certain processing, or to withdraw consent where processing is consent-based. To exercise rights, contact [email protected]. We may verify your request as permitted by law.

16. California residents (CCPA/CPRA)

California residents may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of certain sales or sharing (we do not sell personal information for money). We do not use sensitive personal information for purposes beyond permitted business purposes. To submit a request, contact [email protected].

17. European Economic Area (GDPR)

If you are in the EEA (or where GDPR applies), our legal bases may include contract, legitimate interests (for example security and product improvement), consent (where required), and legal obligation. You may have rights to access, rectification, erasure, restriction, portability, and objection; you may lodge a complaint with a supervisory authority.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy in the app and/or on our website and update the "Last updated" date. Material changes may include additional notice where required by law.

19. Contact

Privacy questions: [email protected]

General support: [email protected]

Data protection contact: [email protected]

Last updated: April 2026