Privacy Policy

Last updated: October 2025

Brick.run (“we”, “our”, “the Service”) is owned and operated by Framebit Company Limited, a company legally registered in Thailand. Framebit Company Limited is the data controller responsible for handling your personal information under this Policy.

This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Eligibility

You must be at least 18 years old to use brick.run. By using the Service, you confirm that you meet this age requirement. We do not knowingly collect personal information from individuals under 18.

2. Information We Collect

  • Account: Email address for login and account management.
  • Usage: IP, device, browser, and pages visited for security, fraud prevention, and performance monitoring.
  • Cookies: Strictly-necessary cookies for login; optional analytics and marketing cookies only with user consent.
  • Garmin Data (If you connect Garmin): As permitted by your Garmin permissions—such as activity summaries, workout details, training load, sleep metrics, heart rate, GPS routes, steps, stress, and related fitness data.

3. How We Use Your Data

  • To operate, personalize, and improve the Service.
  • To sync training plans to Garmin devices (when enabled).
  • To generate training analytics, predictions, and dashboards.
  • To send essential emails such as login links or security notices.
  • Optional newsletters/announcements only with opt-in consent.

4. Legal Basis

We process data under: performance of contract (providing the Service), legitimate interests (security, fraud prevention), and consent (Garmin access, analytics cookies, newsletters).

5. Garmin Data Handling

If you connect your Garmin account, Garmin will share your permitted activity data with us. We use this only to provide training analytics, display your history, and sync training plans.

You may revoke Garmin access at any time via your Garmin account settings. Revocation stops future syncs but does not automatically delete historic data imported into brick.run (you may request deletion).

6. Sharing

We do not sell personal data. We share data only with processors:

  • Supabase (hosting, database, authentication)
  • Email provider (Resend, Postmark, or SendGrid)
  • Analytics provider (Plausible or Google Analytics, if enabled)
  • Garmin (when syncing training plans or when users authorize data import/export)

7. Retention

Active account data is retained until you delete your account. Deleted accounts are purged within 90 days, though backups may persist briefly.

8. Security

We use HTTPS, encrypted storage, least-privilege access, and audit logging to protect data.

9. Your Rights

Depending on your region, you may access, correct, delete, or export your data. You may also request deletion of Garmin-imported data or revoke third-party permissions.

Contact: privacy@brick.run

9. International Transfers

When required, we use approved safeguards (such as Standard Contractual Clauses) for cross-border processing.

10. Breach Notification

If a data breach occurs, we will notify users and regulators as required by law.

11. Changes

We may update this policy periodically. The latest version will always appear here.