Privacy Policy Roast My Run — Privacy Policy Effective date: 29 December 2025 This Privacy Policy explains how Roast My Run (“we”, “us”, “our”) handles information when you use the App. 1. Summary (plain English) Your screenshots are stored locally on your device. We do not send your screenshot images to our servers or to OpenAI. We send only the run statistics (and, if needed, OCR-extracted text) to our server to generate roasts. We do not require accounts and we do not aim to identify you. 2. Information we process 2.1 Information you provide Screenshots you choose to upload (stored on-device). Run statistics you confirm or type (distance, duration, pace, elevation, heart rate, cadence, splits if provided). 2.2 Information generated by the App Roast text and coach tips. Timestamps and settings used (intensity/length/savage mode), favourites, and your saved history. 2.3 Automatically collected information We do not use analytics or third-party tracking in the App. Apple and your device may still provide standard diagnostic information outside of our control (for example, iOS-level crash logs you choose to share with Apple). 3. Where data is stored On your device: screenshots, run entries, roast history, favourites. On our servers (Cloudflare Worker): we process run stats (and, if needed, OCR text) to generate roasts. We do not intend to store your screenshots or run stats long-term on our servers. 4. How we use information We use your information to: extract and confirm run stats, generate roasts and coach tips, display your history and favourites, protect the service from abuse and keep it reliable. 5. Third-party services The App relies on third parties to operate: Cloudflare Workers: our server endpoint runs on Cloudflare infrastructure. OpenAI: we send confirmed run statistics (and, if needed, OCR text) to generate a roast and coach tip. We do not send your screenshot image. Apple App Store: subscription billing is handled by Apple. RevenueCat (if used): subscription entitlement may be managed via RevenueCat. These providers process data according to their own privacy policies. 6. Legal bases (UK/EU style) Where applicable, we process data based on: Contract: to provide the App features you request (generate roasts, store history). Legitimate interests: to prevent fraud/abuse and maintain a secure, reliable service. 7. Data retention On-device data: remains until you delete it, use in-app delete controls, or uninstall the App. Server-side: we do not intend to store your screenshots or run stats long-term. Minimal operational logs (for example, request time and success/fail) may be retained for a limited period for security and reliability. 8. Your choices and rights You can: delete individual entries, delete all history using Settings, uninstall the App to remove local data. Depending on your location, you may have rights to access, delete, or restrict processing. Contact us at hello@joshcooling.co.uk . 9. Children The App is not intended for children under 13. We do not knowingly collect information from children. 10. International transfers Our service providers may process data in different countries. Where required, appropriate safeguards are used by those providers. 11. Changes to this policy We may update this policy. If changes are material, we will update the effective date and provide notice in-app where appropriate. 12. Contact Questions or requests: hello@joshcooling.co.uk Operator: Roast My Run