Privacy Policy

Last updated: March 2026

Brick.run (“we”, “our”, “the Service”) is owned and operated by Framebit Company Limited, a company legally registered in Thailand. Framebit Company Limited is the data controller responsible for handling your personal information under this Policy.

This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Eligibility & Child Protection

You must be at least 18 years old to use brick.run. By using the Service, you confirm that you meet this age requirement.

This Service is not directed at, and is not intended for use by, children or minors under the age of 18. We do not knowingly collect, store, or process personal information from anyone under 18. If we become aware that we have inadvertently collected personal data from a minor, we will delete that data promptly. If you believe a minor has provided us with personal data, please contact us at privacy@brick.run so we can take immediate action.

2. Information We Collect

  • Account: Email address for login and account management.
  • Usage: IP, device, browser, and pages visited for security, fraud prevention, and performance monitoring.
  • Cookies: Strictly-necessary cookies for login; optional analytics and marketing cookies only with user consent.
  • Garmin Data (If you connect Garmin): As permitted by your Garmin permissions—such as activity summaries, workout details, training load, sleep metrics, heart rate, GPS routes, steps, stress, and related fitness data.

3. How We Use Your Data

  • To operate, personalize, and improve the Service.
  • To sync training plans to Garmin devices (when enabled).
  • To generate training analytics, predictions, and dashboards.
  • To send essential emails such as login links or security notices.
  • Optional newsletters/announcements only with opt-in consent.

4. Legal Basis

We process data under: performance of contract (providing the Service), legitimate interests (security, fraud prevention), and consent (Garmin access, analytics cookies, newsletters).

Health & fitness data (special category): Heart rate, sleep, GPS routes, training stress, and similar health-related data constitute special category data under GDPR and equivalent laws. We process this data solely on the basis of your explicit consent, given when you connect Garmin or enable fitness-tracking features. You may withdraw this consent at any time by revoking Garmin access or deleting your account, without affecting the lawfulness of prior processing.

5. Garmin Data Handling

If you connect your Garmin account, Garmin will share your permitted activity data with us. We use this only to provide training analytics, display your history, and sync training plans.

You may revoke Garmin access at any time via your Garmin account settings. Revocation stops future syncs but does not automatically delete historic data imported into brick.run (you may request deletion).

6. Sharing

We do not sell personal data. We share data only with processors:

  • Cloud infrastructure provider (hosting, database, authentication)
  • Transactional email provider
  • Analytics provider (if enabled, with your consent)
  • Garmin (when syncing training plans or when users authorize data import/export)
  • OpenAI (AI-generated training plans only; limited to the athlete profile data needed for plan generation; OpenAI is contractually prohibited from using your data to train its models)

7. Retention

Active account data is retained until you delete your account. Deleted accounts are purged within 90 days, though backups may persist for up to 12 months.

8. Security

We use HTTPS, encrypted storage, least-privilege access, and audit logging to protect data.

9. Your Rights

Depending on your region, you may access, correct, delete, or export your data. You may also request deletion of Garmin-imported data or revoke third-party permissions.

Contact: privacy@brick.run

AI-specific rights: You have the right to request human review of, contest, or opt out of decisions produced by AI-powered features (such as generated training plans). Contact privacy@brick.run to exercise these rights.

10. AI-Powered Features

Brick.run uses AI and AI-powered systems internally to support certain Service features. Specifically:

  • Training plan generation: When you request a personalised training plan, your athlete profile data (fitness thresholds, race date, training history, and goal targets) is sent to a third-party large-language-model API (currently OpenAI) to generate a structured training plan. No data is shared beyond what is necessary for this request, and we do not permit the provider to use your data to train its models.
  • Analytics & predictions: Algorithmic models running internally on our infrastructure analyse your activity and training data to produce dashboards, performance predictions, and recommendations. These models do not share your data with external AI providers.

AI-generated content (e.g. training plans) is informational only and does not constitute medical or professional coaching advice. You retain full control and may choose not to use AI-generated features.

11. Breach Notification

If a personal data breach poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by applicable law.

12. Governing Law

This Privacy Policy is governed by the laws of Thailand. Users in other countries also benefit from the mandatory protections of their local data protection law, which this Policy does not override.

13. Changes

We may update this policy periodically. The latest version will always appear here.