Privacy

Privacy Policy

What Rune collects, why, and the control you have over your own data. We keep it plain because your data should not require a lawyer to understand.

Last updated: 2 July 2026

The short version. Rune collects only what it needs to run your account and your progress. We do not sell your data, we do not share it for advertising, and you can delete everything at any time from inside the app.

Rune is a personal fitness and habit app. This policy explains what Rune collects, why, and the control you have over your own data.

Who we are

Rune is operated from the Netherlands, in the European Union. This means your personal data is handled under European data protection law (the GDPR), and you have the rights described below. If you have any privacy question, you can reach us at runeapp.support@gmail.com.

What we collect

Account information. When you create an account we store your email address and a display name. Sign-in is handled through our backend provider, Supabase.

Waitlist email (before launch). If you join the waitlist on our website, we store your email address so we can notify you about the Rune launch and your spot. We use it only for that, and you can ask us to remove it at any time at the address below.

Your activity in Rune. This is the heart of the app: your daily lock-ins, check-ins, streaks, skill progress, quests, gold, experience, and character state. We store this so your progress is saved and shown back to you.

Party and social activity. If you join a party, the members of that party can see your shared activity, such as your lock-ins, streaks, and reactions. Only people in a party with you can see this. Nothing in Rune is public to the open internet.

Apple Health data (only if you connect it). If you choose to connect Apple Health, Rune reads a small set of values: step count, walking and running distance, workouts, and sleep. This is read-only. Rune never writes to Apple Health, and it only ever reads today's values forward to suggest a check-in you confirm. It never reaches back to import your history. If you do not connect Apple Health, Rune does not touch it at all.

Usage and product analytics. We collect anonymized, aggregated usage patterns to understand how features are used and to improve the app. This is about trends across the app, not about identifying you personally.

Why we collect it

  • To create and secure your account.
  • To save your progress and show it back to you.
  • To make party and social features work.
  • To let you connect Apple Health if you want richer check-ins.
  • To understand what is and is not working so we can make Rune better.

We do not use your data for advertising.

Where your data is stored

Your account and activity data are stored securely with Supabase, our backend and database provider, on servers located in the European Union (Ireland). Your data is not stored in the United States. It is transmitted over encrypted connections. Apple Health data stays on your device and is only read in the moment you use it to check in. It is not copied into long-term storage.

We do not sell your data

We do not sell your personal information, and we do not share it with third parties for their own marketing.

Third parties we rely on

  • Supabase provides our database, authentication, and backend. Your account and activity data live here.
  • Apple HealthKit provides the health values you see, but only if you connect it, and only as a read-only source on your device.

These providers process data on our behalf so Rune can function. We do not hand your data to anyone for advertising.

Keeping and deleting your data

We keep your data for as long as your account is active.

You can delete your account at any time from inside Rune, under settings. Deleting your account removes your account and cascades to your associated data in our database. Once deleted, it is gone and cannot be recovered. If you would rather have us do it for you, email us at the address below and we will handle it.

Your rights

Because we are based in the European Union, you have the following rights over your personal data under the GDPR:

  • Access. Ask us what personal data we hold about you.
  • Correction. Ask us to fix data that is wrong or incomplete.
  • Deletion. Ask us to erase your data, or delete your account yourself from inside the app.
  • Portability. Ask for a copy of your data in a portable format.
  • Objection and restriction. Ask us to stop or limit how we use your data.

To use any of these, email us at runeapp.support@gmail.com. You also have the right to complain to the Dutch data protection authority, the Autoriteit Persoonsgegevens, if you believe we have mishandled your data.

Age and safety

Rune is intended for adults. We do not market Rune to anyone under 18, and it is not designed for younger users. We do not knowingly collect data from anyone under 18, and if we learn that we have, we will remove the account and its data.

Keeping Rune a safe place matters to us. Social features are limited to private parties you choose to join. There is no public profile, no open discovery of strangers, and nothing you do in Rune is visible to the open internet. If you ever come across behavior that puts someone at risk, or you believe a minor is being targeted, contact us at the address below and we will act on it, including removing accounts.

Changes to this policy

If we make meaningful changes to this policy, we will update the date at the top and, where appropriate, let you know in the app.

Contact

Questions about your privacy or your data? Reach us at runeapp.support@gmail.com.