Rutz — Privacy Policy
Last Updated: March 5, 2026
Effective Date: March 5, 2026
Rutz ("the App," "we," "us," or "our") is an AI-powered running coaching application for iOS, developed and operated by Itay Naim, based in Israel. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
By using Rutz, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Account Information
When you create a Rutz account, we collect:
- Your name (or a display name you choose)
- Email address (provided via Apple Sign In or direct registration)
- Basic profile details you provide: age, weight, height, maximum heart rate, running experience level, and race goals
1.2 Garmin Activity Data
When you connect your Garmin account, we retrieve the following data from the Garmin Connect API with your explicit permission:
- Run metrics: distance, duration, pace, speed, elevation gain/loss, calories, steps, lap count
- Heart rate data: average and maximum heart rate, time spent in each heart rate zone (zones 1–5), resting heart rate
- Running dynamics: cadence, ground contact time, ground contact balance, vertical oscillation, vertical ratio, stride length
- Power metrics: average power, maximum power, normalized power
- Training metrics: VO2 max estimates, aerobic and anaerobic training effect, training load
- Environment data: temperature, estimated water loss
- GPS data: start and end coordinates of activities, elevation profiles
- Per-kilometer split data: pace, heart rate, cadence, ground contact time, vertical oscillation, stride length, elevation change, and power for each split segment
1.3 Daily Health Metrics
With your Garmin connection, we also retrieve daily health data including:
- Resting heart rate and heart rate variability (HRV)
- Sleep score and sleep duration
- Stress levels
- Body Battery (high and low values)
- Training readiness score
- Respiration rate and blood oxygen (SpO2) levels
1.4 User-Provided Information
You may voluntarily provide additional information through the App, including:
- Injury records: body area, injury type, severity, status, and notes
- Daily check-ins: sleep quality, energy level, muscle soreness, and free-form notes
- AI coach conversations: questions you ask the AI coach and the responses generated
1.5 Automatically Collected Information
When you use the App, we automatically collect minimal technical data:
- Device language/locale preference
- App version and iOS version (via standard HTTP headers)
- Server request logs (timestamps, endpoint accessed, response status)
We do not use any third-party analytics, tracking, or advertising SDKs. We do not collect device identifiers (IDFA), advertising identifiers, or hardware fingerprints.
2. How We Collect Your Data
2.1 Garmin Connect API
We access your Garmin data exclusively through the Garmin Connect API. You must explicitly grant permission to connect your Garmin account. We access your data in read-only mode — we never write data back to Garmin or modify your Garmin account in any way.
You can disconnect your Garmin account at any time through the App settings, which will stop all future data retrieval.
2.2 Direct Input
Profile information, injury records, daily check-ins, and AI coach conversations are collected directly from your interactions with the App.
2.3 Apple Sign In
If you use Apple Sign In, Apple provides us with your name and email address (or Apple's private relay email, if you choose to hide your email). We do not receive your Apple password or any other Apple account data.
3. How We Use Your Data
We use your data for the following purposes:
- AI-powered coaching: Your activity data, health metrics, and training history are analyzed by AI models to generate personalized coaching recommendations, run analyses, weekly summaries, and answers to your training questions.
- Training plan management: We track your progress against your training plan and provide adaptive recommendations based on your performance and recovery.
- Fitness scoring: We compute composite fitness scores (including aerobic fitness, training load, recovery, and running economy metrics) to give you a holistic view of your training status.
- Trend analysis: We analyze your data over time to identify performance trends, detect anomalies, and generate insights about your training.
- App functionality: To operate the App, sync your data, and provide the core features you expect.
We do not use your data for advertising, marketing profiling, or any purpose unrelated to providing you with running coaching.
4. Third-Party Services
Rutz integrates with the following third-party services:
4.1 Garmin Connect (Garmin International, Inc.)
We use the Garmin Connect API to retrieve your activity and health data. Garmin's processing of your data is governed by Garmin's Privacy Policy.
4.2 OpenAI / Anthropic (AI Processing)
We use AI language models (currently OpenAI's GPT-4o-mini) to power the coaching features of the App. When you interact with the AI coach or receive run analyses, the following data is sent to the AI provider:
- Sent: Activity metrics (distance, pace, heart rate, cadence, training load), health summaries (HRV, sleep, readiness), recent training history, and your question or conversation context.
- Not sent: Your name, email address, Apple ID, GPS coordinates, device information, or any other personally identifiable information.
AI API providers process this data in real time to generate coaching responses. Under our API agreements, this data is not used to train the providers' AI models, and is not permanently stored by the AI provider beyond the duration needed to process the request. For details, refer to OpenAI's API Data Usage Policy and Anthropic's Privacy Policy.
4.3 Fly.io (Cloud Hosting)
Our backend server and database are hosted on Fly.io, with the primary server located in Frankfurt, Germany (EU). Fly.io provides the compute and persistent storage infrastructure. Data is encrypted in transit via HTTPS. Fly.io's privacy practices are governed by Fly.io's Privacy Policy.
4.4 Apple (App Distribution)
The App is distributed through the Apple App Store. Apple may collect data related to your download and use of the App in accordance with Apple's Privacy Policy.
5. Data Storage and Security
5.1 Where Your Data Is Stored
Your data is stored in an encrypted SQLite database on a persistent volume hosted by Fly.io in Frankfurt, Germany (EU). Garmin authentication tokens are stored on the same secured persistent volume.
5.2 Security Measures
We implement the following security measures to protect your data:
- Encryption in transit: All communication between the iOS app and our server uses HTTPS/TLS encryption.
- Secure credential management: All API keys, passwords, and tokens are stored as encrypted environment variables — never hardcoded in source code.
- Parameterized database queries: All database operations use parameterized SQL to prevent injection attacks.
- Minimal data exposure: We send only the minimum necessary data to AI APIs, excluding all personally identifiable information.
- No third-party tracking: We use zero analytics SDKs, advertising frameworks, or tracking tools.
5.3 Limitations
While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.
6. Data Retention and Deletion
6.1 Retention
Your data is retained for as long as your account is active and you continue to use the App. AI conversation history (your questions and the AI coach's responses) is stored to maintain coaching continuity.
6.2 Deletion
You may request deletion of all your data at any time. Upon deletion, we will permanently remove:
- All activity data and per-kilometer splits
- Daily health metrics
- Training plan data and progress
- AI coaching history and analyses
- Runner profile and fitness scores
- User profile information (name, age, weight, etc.)
- Injury records and daily check-ins
- Garmin connection tokens
To request deletion, use the "Delete Account" option in the App's Settings, or contact us at itaynaim@gmail.com. We will process deletion requests within 30 days.
6.3 Post-Deletion
After deletion, some data may temporarily persist in server backup systems for up to 30 additional days before being fully purged. Data that has already been sent to AI APIs for processing cannot be retroactively deleted from those providers, but as noted above, AI API providers do not permanently retain this data under our API agreements.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 For All Users
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of all your data (see Section 6).
- Withdraw consent: Disconnect your Garmin account or delete your Rutz account at any time.
- Data portability: Request your data in a machine-readable format.
7.2 For EU/EEA Users (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is your explicit consent (connecting your Garmin account, using AI coaching features) and the legitimate interest of providing the App's services.
Our server is hosted in Frankfurt, Germany (EU), meaning your data is stored within the EU.
7.3 For Israeli Users
If you are located in Israel, your data is protected under the Israeli Privacy Protection Law, 5741-1981 (חוק הגנת הפרטיות). You have the right to access, correct, and delete your personal data. You may contact the Israeli Privacy Protection Authority (הרשות להגנת הפרטיות) with any concerns.
7.4 Exercising Your Rights
To exercise any of these rights, contact us at itaynaim@gmail.com. We will respond to your request within 30 days.
8. Data Sharing
We do not sell, rent, or trade your personal data to any third party.
We share data only with the third-party services described in Section 4 (Garmin, AI providers, Fly.io, Apple), and only to the extent necessary to provide the App's core functionality. We will never share your data with advertisers or data brokers.
We may disclose your data if required by law, court order, or governmental request, or if necessary to protect our rights, property, or safety.
9. Children's Privacy
Rutz is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at itaynaim@gmail.com and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other appropriate means before the changes take effect. The "Last Updated" date at the top of this policy will always reflect the most recent revision.
Your continued use of the App after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
Itay Naim
Rutz
Email: itaynaim@gmail.com
Location: Israel
This Privacy Policy is written in English. In the event of any conflict between translated versions and the English version, the English version shall prevail.