Privacy Policy
Last updated: May 12, 2026
This Privacy Policy describes how Benton Technology ("we," "us," or "our") collects, uses, and protects information when you use the TrackMyRun mobile application and the dashboards served from our domains (collectively, the "Service"). By using TrackMyRun you agree to this policy.
The short version. We collect only what we need to run TrackMyRun: an account (via Sign in with Apple or email), your run data while you're running, and — if you choose to enable SMS notifications — phone numbers and names of up to two contacts you select. We do not sell, rent, lease, share, or transfer mobile opt-in data, including phone numbers collected for SMS notifications, to third parties or affiliates for marketing or promotional purposes. Run data expires automatically. You can delete your account at any time.
1. Who we are
The Service is operated by Benton Technology, a sole-proprietor software studio based in the United States. Questions about this policy can be sent to [email protected].
2. Information we collect
Account information
- Sign in with Apple — if you sign in with Apple, we receive your Apple user identifier and (if you choose to share it) your email address. We store the Apple identifier to link your account. If you use Apple's private relay email, we only see the relay address.
- Email address — used for account verification (if registering with email) and password-reset codes. Sign in with Apple users may share their real email or Apple's private relay address.
- Password (email registration only) — never stored in plain text. Hashed using Argon2 before storage.
- Display name — an optional name you set, used in SMS notifications sent to your contacts.
- Account identifiers — an internal slug we generate, plus authentication tokens. Tokens are stored as SHA-256 hashes; we never store the plaintext token. Write tokens expire after 90 days; view tokens expire after one year.
- Subscription information — Apple's StoreKit transaction identifier, product ID, and expiry, used to verify your subscription is active.
Run data
- GPS location — recorded only while a run is in progress, to power your live dashboard map.
- Heart rate, pace, distance, splits — read from Apple HealthKit during the run.
- Motion and pedometer data — stride-based speed from the device accelerometer (via CoreMotion), used to improve pace accuracy. Collected only during active runs.
- Run timestamps — start time, elapsed time, end time.
Live run data is stored in PostgreSQL with a configurable expiry — the default is 24 hours after the run ends, and you can shorten it to as little as five minutes inside the iPhone app. Broadcast log entries are retained for up to 30 days for post-run review and are then automatically deleted.
SMS notification contacts
If you choose to enable run-start SMS notifications, you may add up to two contacts. We store the contact's name and phone number for the sole purpose of sending these messages. You may remove a contact at any time. See the SMS Notifications page for the complete description of this feature.
Diagnostic and request data
Our server records standard request logs (IP address, request method, URL, response status, request ID, and a timestamp) for operational and security purposes — for example, rate limiting and debugging. Logs are retained for a limited operational period and are not used to build advertising profiles.
3. How we use information
- To create and authenticate your account.
- To stream your live run data to the dashboards you have shared.
- To verify your subscription with Apple.
- To send transactional emails — verification codes and password-reset codes only (email registration accounts).
- To send the run-start SMS messages you have configured to your two contacts.
- To investigate abuse, fraud, and operational problems, and to comply with legal obligations.
4. Service providers
We share the minimum information necessary with the following service providers, each of which is contractually obligated to protect that information:
| Provider | Purpose | Data shared |
|---|---|---|
| Twilio | Delivery of SMS run-start notifications | Recipient phone number, message body, your runner display name |
| Resend | Delivery of transactional email (verification, password reset) | Your email address, email subject and body |
| Apple | Subscription billing and StoreKit receipt verification | StoreKit transaction identifiers |
| Railway | Server and PostgreSQL hosting | All Service data, encrypted in transit and at rest |
| Sentry | Error and crash diagnostics | Stack traces, request metadata; does not include passwords or message bodies |
| Cloudflare | Dashboard page analytics and performance monitoring | Page views, performance metrics, and IP address of dashboard visitors |
| OpenStreetMap | Map tile imagery for the live dashboard | Map viewport coordinates requested by dashboard viewers' browsers |
5. Mobile opt-in data — what we will never do
We do not sell, rent, lease, share, or transfer mobile opt-in data, including any phone number collected for the purpose of SMS notifications, to any third party or affiliate for marketing or promotional purposes. Phone numbers are passed only to Twilio (our SMS delivery provider) and only for the purpose of delivering the messages described in our SMS Notifications policy.
6. Data retention and deletion
- Account data — kept until you delete your account.
- Live run data (state and trail) — kept for up to 24 hours after the run ends by default, configurable down to five minutes.
- Run log archive — kept for 30 days, then deleted.
- Notification contacts — kept until you remove the contact or delete your account.
- Email verification / password reset codes — expire after 10 minutes.
- Server request logs — kept for a limited operational period (typically less than 30 days).
You can delete your account from the iPhone app under Account → Delete Account. This permanently removes your account record, all live run data, your location trail, your notification contacts, and any pending verification or reset codes. Archived run logs are retained until their 30-day expiry and then automatically deleted. You may also request deletion by emailing [email protected].
7. Security
- All connections to the Service use HTTPS / TLS.
- Passwords (when used) are hashed with Argon2.
- Authentication tokens are stored as SHA-256 hashes, never as plaintext.
- The dashboard view token is derived deterministically from a server-side secret using HMAC-SHA256, so the URL is unguessable.
- Rate limits are applied to login, registration, password reset, and message-sending endpoints to deter abuse.
- The mobile app stores credentials in the device Keychain, not in plaintext storage.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at [email protected].
8. Children
TrackMyRun is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided information to us, contact [email protected] and we will delete it.
9. Your choices and rights
- Update or delete your account from the iPhone app, or by emailing us.
- Remove a notification contact at any time from the iPhone app.
- Regenerate your dashboard URL to revoke access for everyone who currently has the old link.
- Stop SMS notifications. Recipients may reply STOP to any message and will receive no further messages.
- Residents of California, the EU/UK, and other jurisdictions with data-protection laws (GDPR, UK GDPR, CCPA, CPRA, and similar) have rights of access, deletion, correction, and portability. To exercise any of these rights, contact [email protected] and we will respond within the legally required timeframe.
10. International transfers
Our service providers may process data in the United States and other countries. Where required, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) for cross-border data transfers.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the iPhone app or via email to your account address.
12. Contact
Benton Technology
Email: [email protected]
Website: https://bentontechnology.net/trackmyrun/