We built Zonna to help you train smarter, not to harvest your data. This policy explains what we collect, why, and what you can do about it. Plain English throughout — no legal fog.
Zonna is a running training application operated by Russell Shear, based in the United Kingdom. The app is available at zonna.run and via the App Store.
For any privacy-related queries, contact us at support@zonna.run.
We collect the minimum needed to run the app. Nothing more.
When you sign up, we store your email address and an encrypted password (if using email sign-in), or a reference to your Google or Apple account (if using OAuth). We also store your first name, last name, and any profile details you choose to add.
To deliver a personalised training plan, we store: your race date, race distance, weekly training volume, HR zones (resting HR, max HR), fitness level, year of birth (used only to estimate your max heart rate when you haven't entered your own — we don't ask for day or month), and plan preferences. This data is provided by you during plan generation and is stored in your account.
When you log a training session, we store: completion status, RPE (rate of perceived exertion, 1–10), fatigue tags, distance, duration, and — where available from Strava — your average heart rate. This is used to provide coaching feedback and track your progress.
We do not currently collect analytics or behavioural data beyond what is required for core app functionality. When analytics are added, this policy will be updated.
If you connect Strava, Zonna requests read-only access to your Strava activities. Specifically: Zonna will read your Strava activities to provide coaching insights. We do not write to Strava, we do not access your social connections, and we do not share your Strava data with third parties.
Your Strava access token is stored securely in your account. You can disconnect Strava at any time from the Profile screen — this deletes the stored token immediately.
If you connect Apple Health (iOS app only), Zonna requests read-only access to your runs and recovery signals: workouts, heart rate samples within those workouts, resting heart rate, heart rate variability, sleep duration, and VO₂ max. We use this data to coach your training and detect days when your body needs a softer session.
Apple Health authorisation is managed entirely by iOS. Zonna never writes to Apple Health and never reads any health categories outside those listed above. For your runs, we store both summary values (distance, duration, average heart rate) and the per-workout heart rate sample stream — this lets the coach detect cardiac drift and effort fade across a single session. For daily recovery signals (resting heart rate, HRV, sleep), we store one daily summary value per metric, not raw sample streams. You can disconnect at any time from the Profile screen, or revoke access from iOS Settings → Privacy → Health → Zonna.
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.
Our database and authentication are provided by Supabase, Inc. Your data is stored on Supabase infrastructure (AWS, EU region). Supabase is GDPR-compliant. Supabase privacy policy →
When you use the AI coaching features, session data is sent to Anthropic's API to generate a coaching response. Anthropic does not use API inputs to train their models by default. Anthropic privacy policy →
If connected, Strava activity data is fetched via the Strava API and stored in your Zonna account. Strava privacy policy →
The app is hosted on Vercel. Request logs may be retained by Vercel per their standard policies. Vercel privacy policy →
App Store subscriptions are managed via RevenueCat, which gives us a unified view of subscription status. RevenueCat receives the App Store transaction ID, your subscription status (active, cancelled, refunded), and a pseudonymous user identifier tied to your Zonna account — not your name, email, or payment details. Apple handles all payment information directly. RevenueCat privacy policy →
We keep your data for as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days — including your plan, session history, and Strava connection.
Supabase authentication records are deleted immediately on account deletion.
If you are based in the UK or European Economic Area, you have the following rights under GDPR:
To exercise any of these rights, email support@zonna.run. We will respond within 30 days.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
To exercise these rights, email support@zonna.run.
You can delete your account at any time from the Profile screen in the app. Deletion is permanent and removes all associated data: your plan, session history, Strava connection, and account credentials.
If you are unable to delete via the app, email support@zonna.run and we will delete your account within 7 days.
Zonna is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has provided us with personal data, please contact support@zonna.run and we will delete it promptly.
Zonna uses browser local storage (not cookies) to persist your theme preference and Strava session token on your device. This data stays on your device and is not transmitted to our servers.
We do not use tracking cookies or third-party advertising cookies.
If we make material changes to this policy, we will notify you by email or via an in-app notice before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
Continued use of Zonna after changes constitutes acceptance of the updated policy.