RunLine
FAQ
EN · DE
← Back
§ LEGAL · PRIVACY

Privacy Policy

EFFECTIVE · 22 JUNE 2026 VERSION · 1.6

This Privacy Policy explains what information RunLine collects when you use our website and our Meta Quest application, how we use that information, and the choices you have. We've tried to write it in plain English. If anything is unclear, email us at mail@getrunline.app.

CONTENTS
  1. Who we are
  2. What we collect
  3. How we use it
  4. Mixed-reality & sensor data
  5. Third-party services
  6. Data retention
  7. Your rights
  8. Children
  9. Changes to this policy
  10. Contact

§ 01Who we are

RunLine ("we", "us") is the operator of the RunLine website and the RunLine mixed-reality application for Meta Quest. This policy applies to both.

§ 02What we collect

  • Account information: your email address and, optionally, your name and role (handler, trainer, facility) when you join the waitlist or create an account.
  • Course files: agility courses you import, create or save inside RunLine. These stay tied to your account.
  • Device & usage information: headset model, app version, session length, crash reports and anonymised usage analytics so we can fix bugs and improve the product.
  • Support correspondence: messages you send us and our replies.
  • Beta-program metadata (closed-beta phase only): timestamps of your invitation and acceptance, an internal prioritisation and notes layer for operator-side onboarding management, a counter for unaccepted invitations, and optionally the email address you used previously on the waitlist (if it differs from your account email).
  • Operator activity log (beta phase): we log which actions the operator performs (e.g. invitation, slot release, notes update) and at what time on which account. This is a technical requirement under GDPR's accountability principle (Art. 5(2)). The log contains only internal record-IDs and action types — no note contents and no email addresses.
  • Profile data (optional): first name, last name, preferred email language (DE / EN), role in the agility community (dog handler, trainer, judge, club organiser, other). Used solely for personalised service communication and internal triage. You can change or clear this data at any time via your account overview.
  • Marketing consent (optional, separate): if you have opted in to occasional product news, we store the consent timestamp as proof of consent (Art. 7(1) GDPR). You can revoke at any time via the account overview — the revocation timestamp is recorded in the internal audit log.
  • Mail communication log: when we send you an email (waitlist confirmation, password reset, or a beta-launch update), we store a pseudonymised record that an email of that type was sent at that time. The recipient is stored only as a one-way hash (HMAC) of your address — never in clear text — so we can prove what was sent, avoid sending the same beta update to you twice, and honour opt-outs. Technical accountability requirement (Art. 5(2) GDPR). See § 06 for retention.
  • Trial-eligibility record: we store when a Smarter Agility user-ID was first linked to RunLine, plus a counter of how many RunLine accounts have ever bound that SA-ID. This record exists solely to prevent trial-abuse on future paid subscriptions. Legal basis: Art. 6(1)(f) GDPR legitimate interest. Important: this record is NOT deleted when you delete your RunLine account — data minimisation is satisfied by the absence of any direct identifiers (no name, no email, only the SA system-ID).
  • Smarter Agility account link: when you link your Smarter Agility account to sync courses, we store that account's email address and a technical session token we use to sync on your behalf. Your Smarter Agility password is never stored — it is used once to sign in and then discarded. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
  • Diagnostic reports (initiated by you): when you report a positioning problem from inside the app via the "Send diagnostics" function, we transmit a technical snapshot to our backend to help us reproduce the issue. It contains position and pose coordinates (not raw camera images), headset model, operating-system and SDK version, the layout of the currently loaded course, and a filtered technical event log. The report is tied to your account (not anonymised) and is sent only on your explicit action. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fixing bugs). See § 06 for retention.
  • Terms-of-Service acceptance record: when you create an account, we store which version of the Terms of Service you accepted and when. Technical accountability requirement (Art. 5(2) GDPR).
  • Server logs: when our APIs are called we briefly process technical log data — including your IP address, the timestamp, a request identifier and (for authenticated calls) your account ID — to operate the service securely, defend against abuse and automated attacks, and enforce rate limits. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and stability).

§ 03How we use it

  • Provide the RunLine service: sync your courses across devices, deliver updates, respond to support requests.
  • Improve product quality: diagnose crashes, measure feature adoption, prioritise what to build next.
  • Send transactional email about your account, access status or important service changes. We do not sell your data or send marketing emails you did not ask for.
  • Manage the beta phase: only a limited number of testers are invited at a time; we track who has been invited, who has accepted, and we reclaim slots when invitations expire unused. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures for later service use) and Art. 6(1)(f) (legitimate interest in efficient beta-program management; the balanced interests of data subjects are preserved because the data is not shared with third parties and is anonymised or deleted after the beta phase).

§ 04Mixed-reality & sensor data

RunLine runs on Meta Quest and uses the headset's passthrough cameras, room scanning, hand tracking and spatial anchors to render your course at 1:1 scale in your space. This sensor data is processed locally on your headset. RunLine does not upload raw camera frames, depth meshes, or hand-tracking streams to our servers.

When you choose to send a diagnostic report about a positioning problem (see § 02), we transmit derived position and pose coordinates — still no raw camera frames, depth meshes, or hand-tracking streams.

§ 05Third-party services

We rely on a small number of processors to run the service. Each of them is bound by a data-processing agreement and has its own privacy policy.

  • Meta Platforms: Meta Quest Store distribution and sign-in.
  • Smarter Agility: when you import a course you designed there, the course file is transferred to RunLine. To sync, we store your Smarter Agility account email and a technical session token (see § 02 "Smarter Agility account link"). Your Smarter Agility password is never stored.
  • HubSpot (HubSpot Ireland Limited, Dublin): waitlist signups and beta-program communication. Email addresses you submit through the waitlist form are transferred to and stored on HubSpot servers in the EU. Data Processing Agreement: legal.hubspot.com/dpa. If, when creating your account, you indicate that you previously signed up to the waitlist with a different email address, we store that address alongside your account address to match you to your earlier signup. The waitlist address is not re-transmitted to HubSpot — the matching is internal only.
  • Cloud hosting & email: providers we use to store your account data and send transactional mail.
  • Product analytics & crash reporting: anonymised, session-level data only.
  • Trial tracking: no third parties involved. Smarter Agility user-IDs (see § 02 last bullet) are stored exclusively in the local RunLine database. This record is never transmitted to HubSpot, Smarter Agility itself or any other third party — the same ring-fence as for the waitlist bridge applies.

§ 06Data retention

We keep your account data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 30 days, except where we are required to keep records for legal or accounting reasons.

Diagnostic reports (see § 02) are automatically deleted no later than 90 days after they are submitted.

Self-service account deletion (Art. 17 GDPR): you can delete your RunLine account at any time via the "Delete account" function in your account overview. The following is physically removed: your user profile (email, password hash, profile data), all imported Smarter Agility courses, your subscription slot bindings, your beta-program metadata, and every reference to you in operator audit logs. The audit log entries themselves are retained structurally (with an anonymised actor) to satisfy the accountability requirement of Art. 5(2) GDPR. Your Smarter Agility account-ID is retained in the trial-eligibility table (see § 02 last bullet) — that table contains no direct identifiers and exists solely to prevent trial abuse.

Beta-program metadata (see § 02) is stored during the active beta phase. No later than 30 days after the beta ends, invitation, acceptance, prioritisation and kick-counter data is anonymised (set to NULL). The optional waitlist-bridge email is retained until account deletion (separate legal basis Art. 6(1)(a) GDPR). You can revoke this consent at any time yourself via the "Clear bridge" button on your account overview page — the revocation takes effect immediately and removes the waitlist address from your record. If you encounter any issues, emailing mail@getrunline.app remains a valid alternative.

Operator activity log (see § 02) is retained during the beta phase. No later than 90 days after the beta ends, record IDs are pseudonymised (replaced with one-way hashes), so log entries remain available for operational statistics (e.g. "how many invitations were issued in total") while no longer permitting identification of individual users. On account deletion (Art. 17), references to your account are immediately removed from the log (CASCADE DELETE); the anonymised log entries themselves are retained as proof of lawful processing.

Mail communication log & opt-out list (see § 02): the pseudonymised send log keeps each entry for 12 months, after which it is deleted; any free-text field (e.g. a delivery-error message) is cleared after 90 days. The recipient is only ever stored as a one-way hash, so no readable address remains. When you unsubscribe from beta-launch emails we additionally store a hashed entry on a suppression list so we never email that address again — this single hashed entry is kept indefinitely precisely so the opt-out keeps being honoured, and it contains no readable address. On account deletion (Art. 17) the link to your user record is removed; the pseudonymised entries themselves remain within the retention windows above.

§ 07Your rights

Depending on where you live, you have the right to access, correct, export or delete your personal data, to object to certain processing and to lodge a complaint with your local data protection authority. To exercise any of these rights, email mail@getrunline.app and we'll respond within 30 days.

§ 08Children

RunLine is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we'll delete it.

§ 09Changes to this policy

We may update this policy from time to time. The effective date at the top of the page will always reflect the latest version. If a change is material, we'll notify you by email or inside the app before it takes effect.

§ 10Contact

Questions, requests, or concerns: mail@getrunline.app.

© 2026 RunLine
Home Terms Imprint Contact Facebook