Your runs are yours.

Last updated 2026-05-15 · v0.1

Runstamp is built and operated by Rohith Gilla as a side project. This is a plain-English description of what Runstamp does with your data. The whole codebase is public at github.com/Rohithgilla12/runstamp if you want to read it yourself.

What we collect

From you, directly

Email address + display name when you sign in with Apple, Google, or email/password. Stored in Firebase Authentication.
Photos you choose to include in a share card. Photos stay on your device — they are composed into the share card on-device and the resulting image is saved to your camera roll. We never upload your photo library or the raw photos to our servers.

From Strava (only when you connect it)

Your athlete profile (id, name, photo).
Your activity history — distance, time, pace, heart rate, GPS route, splits, calories, elevation. Read-only; Runstamp never writes anything back to Strava.
An encrypted copy of your Strava access + refresh tokens, used to fetch new activities on your behalf. Encryption is AES-256-GCM with a server-side key.

From Apple Health (only when you grant permission, only on iOS)

Running workouts, heart rate, route, active energy, running power, vertical oscillation, ground contact time, stride length, cadence, VO2 max.
Read-only. Apple requires us to declare a "write" permission to read; we never actually write anything back to Health.
Downsampled to ≤500 points per stream before leaving your device.

What we DON'T collect

Analytics or behavioural tracking (no Google Analytics, no Firebase Analytics, no Aptabase, no Mixpanel — nothing).
Crash reports beyond your device's native logging unless you opt in (we'll prompt before enabling Crashlytics, currently disabled).
Your contacts, calendar, microphone, or any data outside running.
Ad identifiers (IDFA / GAID). Runstamp does not show ads.

What we share

Nothing. Runstamp has no third-party data partners, no ad networks, no analytics SaaS. Sharing a run happens on your device — you tap "Save to camera roll" and post the resulting image to Instagram, WhatsApp, or X yourself. Runstamp never posts on your behalf and never sees those posts.

Where the data lives

Authentication: Firebase (Google Cloud) — your sign-in identity only.
Activities + tokens: a PostgreSQL database on a private VPS (Oracle Cloud, Mumbai region), only reachable through a Cloudflare Tunnel. The database is not exposed to the public internet.
Photos for share cards: never leave your device.

How long we keep it

For as long as your account exists. Account deletion is a single tap in the Runstamp app: Settings → Delete account. We hard-delete your user row + cascade-delete every connected account + every activity within 30 days. Backups are rolled forward within 60 days so a deleted record disappears from the backup line within two months.

Disconnecting Strava

Settings → Connections → Strava → Disconnect. This hard-deletes your encrypted Strava tokens from our database (PRD §9 contract). Already-imported activities remain in Runstamp unless you also tap "Clear my imported activities" — that's a separate decision.

Children

Runstamp is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Security

OAuth tokens are AES-256-GCM encrypted at rest.
HTTPS-only via Cloudflare; no plaintext API traffic.
Firebase ID tokens are short-lived JWTs verified server-side on every request.
The Strava client secret never ships in the mobile app — token exchange happens on the server.

Changes

If this policy changes materially we'll bump the "Last updated" date at the top and surface a notice in the app on next launch.

Contact

Privacy questions, deletion requests, or anything else: email privacy@gilla.fun, or open an issue at github.com/Rohithgilla12/runstamp/issues.