Privacy Policy
Last updated: May 7, 2026
Introduction
Heyfox Running ("Heyfox", "we", "our", or "us") provides a running coaching app for iPhone and Apple Watch. This Privacy Policy explains what information we collect, how we use it, when it may be processed by service providers, and the choices you have.
Running, health, route, and coaching data can be sensitive. We do not sell personal data, we do not use it for advertising, and we only use HealthKit-derived data to provide, personalize, secure, and improve the running coaching experience you request.
Who Controls Your Data
The data controller for Heyfox Running is Anthony Deniau, France. For privacy questions or requests, contact us at anthony.deniau@gmail.com.
Information We Collect
Account Information
- Sign in with Apple account identifiers.
- Email address and name, if Apple provides them and you choose to share them.
- Backend account identifiers, session records, and authentication tokens. Tokens stored on our servers are hashed.
- Support messages or privacy requests you send to us.
Health, Fitness, and Workout Data
With your permission, the app reads selected Apple Health and HealthKit data to build and adapt your running plan. Depending on what is available on your device, this may include:
- Running workouts, including start and end times, duration, distance, pace, speed, and energy.
- Workout route data, including latitude, longitude, altitude, timestamps, and location accuracy.
- Heart rate, resting heart rate, heart rate variability, and VO2 max estimates.
- Sleep, step count, active energy, running power, stride length, ground contact time, and vertical oscillation.
- Summaries, buckets, and bounded metric samples associated with synced workouts.
Important: HealthKit access is optional and controlled by Apple. You can revoke Health permissions at any time in iOS Settings. When you choose to export a planned workout, Heyfox may write that planned workout to Apple Health / Apple Watch. We do not use HealthKit data for advertising or marketing.
Coaching and Training Content
- Running goals, constraints, availability, preferences, and onboarding answers.
- Training plans, planned sessions, workout exports, completed-workout matches, and progress summaries.
- Messages you send to the coach and assistant replies generated for you, including runner-reported context such as fatigue, soreness, preferences, and scheduling constraints.
- Coaching memory, such as saved preferences, constraints, and goal context.
Purchases and Subscription Data
- App Store subscription status, product identifiers, transaction identifiers, entitlement state, and renewal/expiration dates.
- StoreKit transaction evidence needed to verify paid access.
Technical and Website Data
- Device, app, request, and diagnostic information needed to operate, secure, debug, and improve the service.
- Website analytics and performance data from Vercel Analytics and Vercel Speed Insights when you visit heyfox.io.
How We Use Your Information
- Account and access: To authenticate you, keep your session available, and verify subscription access.
- Personalized running coaching: To build plans, explain workouts, adapt training load, and answer coaching questions.
- Workout interpretation: To summarize completed runs, compare them with planned sessions, and generate post-run insights.
- Health and safety boundaries: To keep advice within wellness and running-performance coaching, without diagnosis or treatment.
- Service operation: To host the backend, secure requests, debug failures, monitor reliability, and prevent abuse.
- Legal compliance: To comply with App Store, tax, accounting, security, or legal obligations.
AI and Service Provider Processing
Heyfox may use third-party service providers to run parts of the service. These providers process data only to provide services to us and are not allowed to use your data for their own advertising.
- Apple: Sign in with Apple, HealthKit, Apple Watch, StoreKit, subscriptions, and App Store purchase processing.
- Cloud hosting and databases: To run the API, store account/coaching/workout data, and serve the website.
- AI service providers (xAI / Grok API and OpenAI API): To generate coaching replies, training plans, workout summaries, plan adjustments, and safety-bounded running guidance from structured context.
- Observability and diagnostics providers: To monitor reliability, errors, latency, and service health.
- Website analytics providers: To understand aggregate website traffic and performance.
The production app currently uses the xAI business API rather than the consumer Grok app. We may also use the OpenAI API platform for the same coaching purposes depending on model quality, availability, latency, safety, and product needs. According to xAI's enterprise terms and data processing addendum, and OpenAI's API data controls and business privacy commitments, business/API inputs and outputs are processed on behalf of customers and are not used to train provider models unless a customer separately agrees otherwise. We do not opt in to training on user data.
We design AI prompts and tools to use bounded, task-relevant coaching context where possible. However, health-derived summaries, workout metrics, route-derived facts such as elevation or terrain signals, goals, preferences, and coach messages may be processed by our backend and our AI service providers, currently xAI / Grok API and potentially OpenAI API, when needed to provide the requested coaching feature. We do not send HealthKit data to AI providers for advertising, marketing, data brokerage, insurance, or employment decisions.
For AI coaching metric prompts, we use de-identified, bounded metric summaries where possible. These summaries are designed to exclude HealthKit source identifiers, raw route coordinates, raw HealthKit samples, chart points, and exact workout timestamps before provider processing. We may still process health-derived metrics such as distance, duration, heart rate, sleep, HRV, running dynamics, and elevation summaries when they are needed for the coaching feature you request.
HealthKit Data Handling
In line with Apple's HealthKit rules:
- HealthKit data is used only for the core health, fitness, and running coaching functionality of the app.
- HealthKit data is not used for advertising or marketing.
- HealthKit data is not sold to data brokers, advertisers, insurance companies, employers, or similar third parties.
- HealthKit data is not shared with third parties for their independent marketing or advertising purposes.
- HealthKit-derived summaries may be processed by Heyfox and our AI service providers, such as xAI / Grok API or OpenAI API, only to provide the health, fitness, and running coaching functionality you request.
- You can revoke HealthKit permissions at any time in iOS Settings.
Data Sharing
We may share information only in limited circumstances:
- Service providers: With vendors that help us host, operate, secure, analyze, or provide the app.
- AI service providers: With providers such as xAI / Grok API or OpenAI API when needed to generate coaching, training plans, workout interpretation, or plan adjustments.
- Apple and App Store systems: For HealthKit, Sign in with Apple, App Store subscriptions, and purchase verification.
- Legal requirements: If required by law, regulation, legal process, or to protect rights, safety, and security.
- At your direction: If you choose to export or share data through a feature we make available.
Security
- Data sent between the app, website, and our services is encrypted in transit using HTTPS/TLS.
- Authentication tokens stored on our backend are hashed; app session credentials are stored in the iOS Keychain.
- Access to production systems is limited to what is needed to operate the service.
- No system is perfectly secure, but we use technical and organizational measures appropriate for the sensitivity of the data.
Data Retention and Deletion
- We keep account, coaching, workout, route, and subscription entitlement data while your account is active and as needed to provide the service.
- xAI's enterprise terms state that business API user content is automatically deleted within 30 days unless legal, safety, compliance, or moderation exceptions apply. OpenAI's API data controls state that API data is not used for training by default, and abuse-monitoring logs are retained for up to 30 days unless legal requirements require longer retention.
- You can request deletion from inside the app without contacting support.
- Account deletion removes or anonymizes your account identity, sessions, coaching data, plans, HealthKit sync records, workout route samples, metric samples, post-run insights, and subscription entitlement records from active systems.
- We may retain minimal operational records, deletion request records, backups until rotation, and records required for legal, tax, fraud-prevention, security, or App Store obligations.
- Apple may retain App Store purchase and subscription records according to Apple's own policies.
Your Rights and Choices
Depending on your location, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Receive a portable copy of certain data.
- Object to or restrict certain processing.
- Withdraw HealthKit permissions in iOS Settings.
- Manage or cancel subscriptions in your Apple ID settings.
To exercise privacy rights, contact us at anthony.deniau@gmail.com.
Children's Privacy
Heyfox Running is not intended for children under 13. If you are under the age of legal majority in your country, you should use the app only with permission from a parent or guardian. We do not knowingly collect personal information from children under 13.
International Transfers
We and our service providers may process data in countries other than your country of residence. Where required, we use appropriate safeguards for international transfers, such as contractual protections or other lawful transfer mechanisms.
Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as updating the app or website, or contacting you when appropriate.
Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: anthony.deniau@gmail.com