Due Privacy Policy
Effective July 6, 2026 · applies to the Due iOS app and due.run
Due is a training companion for runners, built and operated by Jacob Ellison ("we", "us"). This policy describes what data Due collects, why, and the control you have over it. The short version: your training data is yours, it exists in Due only to power your own dashboards, and we don't sell it or use it for advertising.
Data we collect
- Account information. When you sign in (Google or Strava), we receive your name, email address, and profile picture to create your account.
- Training data from Strava. If you connect Strava, we import your running activities: distance, time, pace, routes (GPS traces), elevation, heart-rate data when your devices record it, laps, and similar activity details. We use it to compute your training insights (weekly mileage, quality-session detection, pace trends, race predictions).
- Training plans and content you add. Plans you install, edits you make, notes, shoes, and photos you attach to runs or shoes.
- Location. The app requests location permission only to center the map when you browse or draw routes. Your live location is not tracked, stored, or shared.
- Diagnostics. Crash reports and error diagnostics (via Sentry) so we can fix problems. These may include device model, OS version, and the state of the app at the time of an error — not your training history.
How your data is used
- To show you your own training dashboards, plan progress, and insights.
- To detect quality sessions and adapt weekly recommendations — computed from your own history, on our servers, for you alone.
- To fix bugs and keep the service healthy.
We do not sell your data, share it with advertisers, or use it to train machine-learning models unrelated to your own features.
Where it lives
Your data is stored with Supabase (Postgres database and file storage, hosted in the United States) and processed on Google Cloud. Map tiles are served by Mapbox, which receives the map coordinates needed to render maps. Weather context for a run is fetched from a weather provider using the run's start coordinates. Strava data is handled in accordance with the Strava API Agreement.
Your controls
- Disconnect Strava at any time in Settings — this deletes all Strava-sourced activities from Due and revokes Due's access with Strava.
- Delete your account in Settings — this permanently deletes your account and all associated data: activities, plans, photos, shoes, and connection tokens.
- Revoke from Strava's side — deauthorizing Due in your Strava settings triggers the same deletion of your Strava-sourced data in Due.
- You can also email us (below) to request a copy or deletion of your data.
Retention
Data is retained while your account exists. When you delete your account or disconnect a data source, the corresponding data is deleted from our production systems promptly; residual copies in encrypted backups expire on the backup rotation schedule.
Children
Due is not directed to children under 13, and we do not knowingly collect data from them.
Changes
If this policy changes materially, we'll update this page and note the new effective date above.
Contact
Questions or requests: jake.s.ellison@gmail.com
Due · due.run