Back to Home

Privacy Policy

Last updated: April 30, 2026

1. Information We Collect

We collect the following categories of information when you use Endorfin:

  • Account information: Your name, email address, and (if you sign in with Google) Google profile photo. You can register either by email and password — in which case we send a one-time passcode (OTP) to verify your address — or via Google Sign-In (OAuth 2.0).
  • Profile information: Bio, running preferences, profile visibility settings, and a profile picture you upload from your device.
  • Photos and uploads: Profile pictures, event cover photos, event gallery photos, and images you share inside chats. These are stored on our hosted file storage (Supabase Storage).
  • User-generated content: Messages, replies, polls, votes, reactions, pinned posts, and any answers you submit to a club's join form when you request to join.
  • Club and event activity: Events you RSVP to, clubs you've requested to join or are a member of, your role within a club (member, admin, owner), and the status of your join requests.
  • Social graph: Follow/unfollow actions, follow requests, and the relationships you build with other users.
  • Location data: Your device's GPS coordinates (with your permission) to show nearby running events and personalize recommendations.
  • Device information: Push notification tokens, device type, operating system version, and app version, used to deliver notifications and ensure compatibility.
  • Diagnostics: Crash reports and error logs (which may include device metadata and the screen you were on at the time of the crash) used to fix bugs.

2. How We Use Your Information

  • Authenticate you, verify your email via OTP, and keep you signed in across sessions.
  • Personalize event and club recommendations based on your location and interests.
  • Process and display your RSVPs to event organizers and other attendees.
  • Operate clubs: process join requests, share your join-form answers and email with the relevant club's admins for review, and gate club discussions to active members.
  • Power chat features: deliver your messages, replies, polls, reactions, and any images you share to other participants in the same thread (event attendees or club members).
  • Enable social features including following other runners and managing follow requests.
  • Send push notifications for new messages in clubs and events you participate in, follow requests, RSVP updates, and other relevant activity.
  • Send transactional emails — OTP codes, password resets, club admin notifications, club welcome emails, and rejection emails — via our email provider.
  • Provide AI-assisted training suggestions through Kip, our AI Coach. When you use Kip, your run history, fitness metrics, and message context are sent to our AI provider (Anthropic) to generate a response.
  • Improve app performance, fix bugs, and develop new features.
  • Enforce our Terms of Service and protect against misuse.

We do not sell your personal data to third parties. Your data is not used to train any third-party AI model.

3. Third-Party Services

Endorfin relies on the following third-party services to operate. Each may process some of your data on our behalf:

  • Google Sign-In: Authentication for users who choose Google. Subject to Google's Privacy Policy.
  • Supabase: Database hosting (Postgres) and file storage for uploaded photos. Subject to Supabase's Privacy Policy.
  • Railway: Hosting our backend API. Subject to Railway's Privacy Policy.
  • Expo Push Notifications: Delivering push notifications to your device. Subject to Expo's Privacy Policy.
  • Resend: Sending transactional emails (OTP, password reset, club notifications). Subject to Resend's Privacy Policy.
  • Sentry: Crash and error reporting. Subject to Sentry's Privacy Policy.
  • Detour: Deep linking and deferred deep links. Subject to Detour's Privacy Policy.
  • Anthropic (Claude): Powers the Kip AI Coach. When you interact with Kip, the relevant conversation context and your run/profile metrics are sent to Anthropic to generate a response. Subject to Anthropic's Privacy Policy. Anthropic does not use your data to train its models.
  • Event platforms: When you RSVP to events sourced from external platforms, limited profile information (name, profile photo) may be visible to event organizers and other attendees.

4. Data Sharing

We may share your information in the following circumstances:

  • With event organizers when you RSVP to their events (name and profile photo).
  • With club admins when you request to join their club — they receive your name, email, profile photo, and any answers you provide in the club's join form.
  • With other club members for content you post in a club discussion (your name, profile photo, messages, replies, polls, reactions, and any images you share). Club discussions are scoped to active members.
  • With other event attendees for content you post in an event discussion (same scope as above).
  • With other users based on your privacy settings (public profiles are visible to all users; private profiles require follow approval).
  • With service providers who help us operate the platform (see Section 3).
  • When required by law, legal process, or to protect our rights and safety.
  • In aggregated, anonymized form for analytics purposes.

5. Data Storage and Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (HTTPS/TLS) and secure token storage on your device. Authentication tokens are stored using platform-native secure storage mechanisms. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our terms).

7. Your Rights

You have the following rights regarding your personal data:

  • Access and portability: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information through your profile settings.
  • Deletion: Request deletion of your account and associated data.
  • Opt-out: Disable push notifications through your device settings or opt out of marketing communications.
  • Withdraw consent: Revoke location permissions at any time through your device settings.

To exercise any of these rights, contact us at the address below or use the in-app settings.

8. Applicable Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA) as applicable. If you are located outside India, please be aware that your data may be transferred to and processed in India.

9. Children's Privacy

Endorfin is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. Continued use of Endorfin after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@endorfin.run.