Privacy Policy

Last updated: April 2026

1. Overview

Steady (runsteady.fit) is operated as a private beta service. This policy explains what personal data we collect, how we use it, and your rights under Singapore's Personal Data Protection Act 2012 (PDPA). By using Steady, you consent to the collection and use of your data as described here.

2. Minimum age

Steady is intended for users aged 13 and above. By signing up, you confirm you meet this requirement.

3. What we collect

• Account information: name, email address, year of birth
• Training profile: goals, target pace, target date, training frequency, Hyrox division and category
• Session data: distance, pace, duration, effort rating, heart rate, notes, GPS files, watch screenshots
• Device data: theme preference and UI state stored locally in your browser (localStorage)
• Strava data (if connected): athlete ID, access token, recent activity data
• Payment data: handled entirely by Stripe — we never store card details

4. How we use it

Your data is used solely to:

• Generate and adapt your training plan
• Analyse logged sessions and produce coaching feedback
• Provide feasibility assessments on your goals
• Improve product reliability via error monitoring and anonymous analytics

Your data is never sold to third parties or used for advertising.

5. Third-party processors

To provide the service, your data is processed by the following third parties. All are bound by contractual obligations to handle data responsibly:

• Anthropic (US) — AI API provider. Session data, training context, and goals are sent to Anthropic's Claude API to generate coaching feedback and training plans. Anthropic processes this data solely to return API responses and does not use it to train models.
• Supabase / AWS (US) — Database and file storage. All training data, session logs, and plans are stored here.
• Clerk (US) — Authentication provider. Manages sign-in, sign-up, and session tokens.
• Stripe (US) — Payment processor. Handles subscription billing. Card details are never shared with us.
• Vercel (US) — Hosting and serverless functions. Processes all web requests.
• Sentry (US) — Error monitoring. Captures application errors including user ID and triggering action. Never captures personal training data or payment information.
• PostHog (US) — Product analytics. Tracks feature usage and drop-off rates. Data is anonymous and never linked to personally identifiable information beyond an internal user ID.

By using Steady, you consent to your data being transferred to and processed in the United States by the above providers. We take reasonable steps to ensure these providers offer comparable protection to Singapore's PDPA standards.

6. Data retention

• Active accounts: data retained for the duration of your account
• Deleted accounts: all training data, sessions, and plans permanently deleted within 30 days of account deletion
• Error logs: retained for 90 days then automatically purged
• Analytics: retained in anonymous, aggregated form indefinitely

7. Your rights

Under the PDPA, you have the right to:

• Access a copy of your personal data — download from your Profile page at any time
• Correct inaccurate data — edit from your Profile page
• Delete your data — delete your account from your Profile page; all data removed within 30 days
• Withdraw consent — contact us at privacy@runsteady.fit

8. Cookies and local storage

Steady does not use tracking cookies. We use browser localStorage to store your theme preference (light/dark) and UI state (dismissed banners). This data never leaves your device.

9. Contact

For privacy-related questions or requests: privacy@runsteady.fit