Join Waitlist

CONQR Consumer Health Data Notice

Last updated: February 11, 2026

This notice explains what consumer health data CONQR collects, how we use it, and the choices you have. This notice is provided under the Washington My Health My Data Act and supplements our Privacy Statement.

Contact: info@runconqr.com

Scope

This notice applies to "consumer health data" as defined by Washington law, meaning personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.

Consent and authorization

Collection consent

When you enable run tracking (including granting device location permission) and when you provide optional health inputs for coaching or training plans, you provide affirmative express consent for our collection and use of consumer health data as described in this notice.

Sharing authorization

We do not sell consumer health data.

We do not share consumer health data with third parties except:

  • With your consent for sharing that is separate and distinct from consent to collect, or
  • To the extent necessary to provide a product or service you request.

Disclosures to processors

We disclose consumer health data to service providers that act as "processors" on our behalf (contractually restricted to process data only to provide services to us).

What we collect

Individual health conditions

Common running-related medical concerns or injuries you voluntarily provide for coaching context.

Activity and performance data

  • Distance, pace, time, elevation, and similar workout metrics.
  • Training progress, goals, and performance trends.
  • Self-reported activity level and fitness self-evaluation.
  • Inferences we generate from your activity (for example cadence, effort estimates, and progression statistics).

Demographic and physical attributes

Collected only if you opt in to coaching or training plans:

  • Sex or gender field as offered in-app.
  • Age range.
  • Exact height.
  • Exact weight.

Location data related to physical activity

  • GPS routes and timestamps during tracked activity.
  • Derived segments, zones, and in-app territory features.

Health platform and device or sensor data

  • Heart rate and other fitness metrics you choose to import from Apple HealthKit or Google Health Connect.
  • Motion and speed data used to measure runs and detect invalid activity.

What we do not collect

We do not collect medical records, diagnoses, or clinical data. We do not use geofencing to identify or infer visits to healthcare facilities, and we do not collect consumer health data based on proximity to such locations.

Sources of consumer health data

We collect consumer health data from:

  • You (inputs you enter, including optional coaching inputs).
  • Your device sensors and device-generated run data.
  • Connected health platforms you authorize (such as Apple HealthKit or Google Health Connect).
  • Our derived and inferred analytics generated from run data.

Why we use this data

We use consumer health data to:

  • Track, analyze, and display your runs.
  • Generate maps, zones, and gameplay features (including territory mechanics).
  • Provide training plans and coaching features if you opt in.
  • Personalize fitness-related experiences (for example recommendations tied to your activity history).
  • Detect invalid or fraudulent activity and protect the integrity of the Service.

AI coaching

If you opt in to AI coaching, we may send a limited payload to OpenAI via API to generate coaching outputs for you. OpenAI states that business/API data is not used to train models by default and describes retention of certain API logs for abuse monitoring and service operation.

We do not use consumer health data for advertising or marketing.

Aggregated and de-identified data

We may use aggregated or de-identified activity statistics to improve CONQR or support research, reporting, or commercial partnerships. We do not attempt to reidentify de-identified data.

We do not sell consumer health data and we do not exchange consumer health data for monetary or other valuable consideration.

Who we disclose or share it with

Processors that act on our behalf

We disclose consumer health data to processors that provide services to us, such as:

  • Supabase for authentication, database storage, and user management.
  • Fly.io for app infrastructure and API hosting.
  • RevenueCat for purchases, subscription status, and entitlements.
  • Open-Meteo for weather forecasts, which receives only coarse, grid-rounded coordinates; Open-Meteo states its webserver logs may contain coordinates for troubleshooting and are deleted after a stated period.
  • OpenAI for AI coaching outputs only if you opt in, as described above.

User-directed sharing

If you connect and export activities to Strava, you direct us to share activity information with Strava for that export. For Strava exports, we upload:

  • A GPX file, and
  • Limited metadata such as sport type and an activity name formatted like "CONQR Run YYYY-MM-DD."

Data retention

We retain consumer health data while your account is active.

After account deletion, we delete consumer health data from our systems and instruct our processors to do the same within 28 days, except that residual copies may persist in backups for a limited period where permitted by law and are not used for any other purpose during that time.

Aggregated and de-identified data may be retained indefinitely because it cannot reasonably be linked back to you.

Your choices and rights

Washington consumers have rights that may include:

  • Withdraw consent for our collection and sharing of consumer health data.
  • Access consumer health data.
  • Delete consumer health data.
  • Appeal a denial of a rights request.

How to exercise rights

Email info@runconqr.com with your request. You may also delete your account or disable features in-app where available (for example disabling run tracking or opting out of coaching inputs).

We will provide consumer health data in a standard machine-readable format such as JSON.

Response timing

We respond within 45 days, and may extend once by an additional 45 days when reasonably necessary.

Appeals

If we deny your request, we will explain why and how to appeal by emailing info@runconqr.com with "Appeal" in the subject line. If an appeal is denied, you may contact the Washington State Attorney General.

How we protect your data

We use industry-standard security controls, including encryption in transit using HTTPS/TLS, authentication controls, and restricted access based on role and need.

Contact

Swank Labs LLC DBA CONQR
info@runconqr.com