Privacy Policy

Who we are

BuildYourRun ("we", "us") is a free running training plan tool. We take your privacy seriously. This policy explains what data we collect, why, and how it is protected.

What data we collect

Without an account: No personal data is collected. The plan builder runs entirely in your browser. We do not use analytics trackers or advertising cookies.

With an account: We store your email address, a bcrypt-hashed password (irreversibly encrypted — we cannot read your password), your display name (optional), and the training plans you save.

Technical data: When you log in, your IP address and browser user-agent are stored with your session for security purposes (detecting suspicious access). This data is deleted automatically after 30 days of inactivity.

Cookies

We use one functional cookie (byr_session) to keep you logged in. This cookie is:

• HttpOnly — not readable by JavaScript
• Secure — only sent over HTTPS
• SameSite=Strict — cannot be sent by third-party sites
• Expired after 30 days of inactivity

We do not use advertising, tracking, or analytics cookies. We do not use Google Analytics or any third-party tracking service.

How we protect your data

• Passwords are hashed with bcrypt (cost factor 12) — irreversible. Even we cannot read them.
• All connections are encrypted via HTTPS/TLS.
• All database queries use prepared statements to prevent SQL injection.
• Login attempts are rate-limited to prevent brute-force attacks.
• Your plan data is only accessible to your account.

Your rights (GDPR)

Under GDPR you have the right to access, correct, or delete your personal data at any time. You can delete your account and all associated plans from your dashboard. For other requests, contact us at the email below.

Data retention

Account data is retained until you delete your account. Inactive sessions are purged after 30 days. Rate-limit records are purged after 1 hour.

Contact

Questions about this policy? Email us at privacy@buildyourrun.com.