⚠️ Draft pending legal review — This document is a candidate authoritative version written based on code implementation facts. Before publication, it must undergo review by a legal professional and resolution of the [TO BE CONFIRMED] and [TO BE FILLED] items.
runclip Privacy Policy
Effective date / Last updated: July 4, 2026 (v2 — reflects the Runel feed, run record sync, and runclip Pro)
runclip (the "App") is an app that records your runs via GPS, lets you place record modules on photos and videos to save them as images/videos, and optionally lets you upload the results to the in-app feed "Runel" for sharing. The App is operated by an individual developer.
The App's data processing is divided into three tiers depending on how you use it.
| Tier | Condition | Where your data is stored |
|---|---|---|
| ① Local only | Using the App without signing in | Personal content such as run records, photos, and videos is stored only on your device and is not transmitted externally (with the exceptions of error diagnostics data (§1-6) and anonymous usage statistics you have consented to (§1-5)) |
| ② Record sync | Signing in with a Google/Apple account | Run records are backed up to a cloud space dedicated to your account and synced across your devices |
| ③ Feed posting | Directly uploading a clip to Runel | Uploaded content becomes visible to other users according to the visibility setting you choose |
Core principles:
- If you do not sign in, run records, photos, and videos are stored only on your device and are not transmitted externally (error diagnostics information is an exception — §1-6).
- Signing in and uploading are both your choice. Public clips can be viewed without signing in.
- We do not sell personal data or provide it to third parties for advertising purposes, and there is no advertising SDK.
1. Information We Collect and Store, and Its Purposes
1-1. Stored on Your Device Only (Not Signed In — No External Transmission)
If you are not signed in, the following information is stored only inside your device and is not transmitted to the developer or third parties.
- Run records: distance, time, pace, 1 km split records, GPS route coordinates, start time.
- Watch measurements (when paired): heart rate, calories.
- User input: record titles and notes, manually entered records.
- Photos and videos: images/videos you select or capture as backgrounds, and editor state.
- App settings: units, theme, watermark, analytics consent status, purchase state cache.
- Backup files: JSON files generated when you manually run an export (including records, coordinates, and editor state). You control where they are stored and how they are handled afterward.
1-2. Account Information (When Signed In)
Sign-in supports Google or Apple social sign-in only (no email/password registration).
- Authentication information (Firebase Authentication): a unique account identifier (UID), and the social account's display name, email address, and profile photo URL. The email address is processed only for authentication and account identification purposes and is not disclosed to other users.
- Profile document (information that may be visible to other users): handle (auto-generated, changeable), display name, profile photo, bio, profile visibility setting, follower/following/clip counts, sign-up time. The profile document does not store your email.
- The default profile visibility setting is "public", and you can change it to private in profile editing. However, even if you set your profile to private, clips set to "Public" remain visible in the feed (visibility is applied per clip).
- Profile photos are stored on a public CDN (Cloudflare R2) and can be accessed by anyone who knows the image URL, regardless of your profile visibility setting.
1-3. Run Record Cloud Sync (Hereinafter "Run Sync" — Automatic When Signed In)
When you sign in, your run records are backed up to a cloud space dedicated to your account and used for multi-device sync. All existing records on your device at the time of sign-in are backed up together.
- Synced items: distance, time, average pace, start time, 1 km split records, record titles and notes, record source (GPS/manual), heart rate and calories (when measured with a watch), the full GPS route coordinates (latitude, longitude, timestamp, altitude, accuracy), and a summary route.
- Storage location: your dedicated documents in Firebase Firestore. Large routes (400 KB or more after compression) are stored under your dedicated path in Cloudflare R2.
- Access control: under the server security rules, only your own account can read and write them, and they are not disclosed to other users or non-signed-in users. Route files in R2 are accessible only via time-limited signed URLs.
- What is not synced: image/video outputs created with the editor, and original photos/videos. Posting to the feed is a separate, explicit action (1-4).
- While not signed in, no records are transmitted to the server.
1-4. Runel Feed Posted Content (Only When You Directly Upload)
When you upload a clip, the following is stored in the cloud.
- Media files: the finished video or image, and thumbnail (Cloudflare R2).
- Clip information (Firebase Firestore): author UID, caption, visibility setting, route-hiding setting value, distance and pace display strings (when metric display is turned on), like count, posting time.
- Clip information does not include raw GPS coordinates or route data. However, if you exported with a course map module placed in the editor, the route shape is uploaded embedded in the video/image pixels (see §2).
- Interaction data: likes, follow/follower relationships, report submission records (when in-app reporting is provided).
1-5. Anonymous Usage Statistics (Firebase Analytics)
To improve the App, we may collect usage statistics that cannot identify individuals.
- The default is no collection (OFF). However, when social sign-in succeeds, analytics collection consent is automatically turned on. Even after signing in, you can turn it off at any time with the toggle on the settings screen, and turning it off immediately stops further collection.
- Events the App directly logs: run start/completion, manual record save, image export, backup export/import, paywall view, purchase start/completion/restore.
- Non-identifying parameters sent along with them: record source, distance bucket (e.g., 3–10 km), canvas ratio, module count, background type, export quality, paywall entry path, product ID and product type.
- In addition, while collection is on, automatic events the Firebase SDK collects as standard (app launch, sessions, etc.) and device information may also be collected.
- What is not transmitted: GPS coordinates and routes, record titles and notes, photos/videos and their identifiers, and personally identifiable information such as name and email are not transmitted as analytics parameters (the design is such that only predefined non-identifying parameters are transmitted).
1-6. Diagnostics and Stability Data (Firebase Crashlytics)
When the App encounters an error or abnormal termination, diagnostic information for identifying the cause (technical information such as error stack traces, device model, OS version, and app version) is collected.
- Crash diagnostics collection operates independently of the analytics consent toggle in 1-5 above, and is collected even if you turn analytics consent off.
- The personal data in 1-1 (coordinates, photos, notes, etc.) is not included.
1-7. Payment Information (runclip Pro)
runclip Pro is offered as a monthly subscription (₩3,900), an annual subscription (₩19,000, 7-day free trial), and a Lifetime purchase (₩39,000, one-time purchase).
- Payments and refunds are handled entirely by the App Store (Apple) and Google Play (Google). The developer cannot access payment method information such as card numbers, and does not transmit or store payment information on its own server (there is no own server; processing happens only between the device and the store).
- Only the purchase state (Pro status, product type) is stored on the device (device-only Keychain on iOS, app-internal storage on Android).
- Only when analytics consent is on, purchase funnel events (paywall view, purchase start/completion/restore — at the level of product ID and entry path) are collected as described in 1-5. Payment amounts and payment method information are not collected.
- Auto-renewing subscriptions can be canceled in each store's subscription management menu.
2. What Public Sharing Means (Important)
- Clips posted as "Public" can be viewed by anyone, including people who are not signed in. Media of Public clips is served via public CDN URLs, so if a URL is shared, it can be accessed outside the App as well. Even if you switch a clip from Public to Private, access via existing URLs already shared externally may continue.
- Media of "Followers" and "Private" clips is served only via permission-checked, time-limited (1 hour) signed URLs.
- The visibility setting (Private / Followers / Public) is chosen at upload time. [TO BE CONFIRMED: default visibility — the current upload screen guidance text ("default is Private") and the actual behavior (default "Public") are inconsistent; state the final wording after fixing the App]
- Notice regarding route exposure: a "hide route" setting is provided at upload time (on by default). However, videos/images exported with a course map module placed in the editor contain the route shape as pixels, and the hide-route setting does not remove it. To avoid revealing your start/finish points (home, workplace, etc.), if you do not want your route disclosed, please upload output that does not include a course map module. [TO BE CONFIRMED: adjust wording after confirming the actual exposure-control behavior of the hide-route setting]
- Your caption and profile (handle, display name, profile photo) are also displayed to other users along with the clip.
3. Permissions and Purposes of Use
The App requests the permissions below at the time you use the corresponding feature. Other features work normally even if you decline.
| Permission | Purpose of use |
|---|---|
| Location (precise/approximate) | Recording run routes, distance, and pace. Background location is used during measurement to keep tracking even when the screen is off (Android foreground service / iOS background location mode). |
| Camera | Capturing a background photo for your record directly. |
| Photo library (iOS, add-only) | Saving finished record images/videos to your album. Permission to read existing photos is not used. |
| Notifications | Run progress and completion notifications, live displays (Live Activity, etc.), upload progress notifications. |
| Health (HealthKit / body sensors, watch) | Measuring and displaying heart rate and calories during runs, and saving workout records. Health data is used only on the device and for sync to your own account (1-3, when signed in), and is not disclosed to other users. |
| Physical activity recognition (Android Wear) | Watch workout measurement. |
| Battery optimization exemption (Android, optional) | Requested so the measurement service is not force-killed during long runs. |
4. Processing Outsourcing and Cross-Border Transfer (Third-Party Processors)
The developer outsources data processing to the services below. Each provider processes data under its own privacy policy, and servers may be located outside Korea.
| Processor | Processing details | Storage location (region) |
|---|---|---|
| Google Firebase Authentication | Account authentication (UID, name, email, profile photo URL) | Google infrastructure (global service, including outside Korea) |
| Google Firebase Firestore | Profiles, clip information, likes/follows, run sync data | Seoul, South Korea (asia-northeast3) |
| Google Firebase Cloud Functions | Server logic such as issuing upload/playback URLs, handling follows, and cleaning up deleted data | United States (us-central1) |
| Google Firebase Analytics | Anonymous usage statistics (1-5, with consent) | Google infrastructure (including outside Korea) |
| Google Firebase Crashlytics | Crash diagnostics (1-6) | Google infrastructure (including outside Korea) |
| Google Firebase App Check | Device integrity tokens to prevent app tampering | Google infrastructure |
| Cloudflare R2 | Storing and delivering clip videos/images and thumbnails, profile photos, and large route files | Cloudflare infrastructure (region auto-assigned, including outside Korea) |
| Google Maps SDK (Android) | Map display and course map rendering. Device and usage information may be sent to Google for rendering | Google infrastructure |
| Apple MapKit (iOS) | Map display and course map rendering | Apple infrastructure |
| Apple HealthKit (Apple Watch) | Heart rate and calorie measurement | On-device processing |
References: Google Privacy Policy · Firebase Data Processing · Cloudflare Privacy Policy · Apple Privacy Policy
5. Provision or Sale to Third Parties
The developer does not sell personal data and does not provide it to third parties for marketing purposes. Data processing is limited to the outsourcing scope in §4 (app operation, storage, statistics, diagnostics). The App contains no advertising SDK.
6. Retention Period and Destruction
| Data | Retention and destruction |
|---|---|
| On-device data | Deleted together when the App is deleted. Individual records can be deleted in the App. |
| Synced run records | When you delete a record in the App, it is immediately marked as deleted and is no longer displayed or synced in the App. Data of deleted records (including route files) is retained on the server for up to 90 days for multi-device propagation, and is then automatically and permanently destroyed. |
| Uploaded clips | When you delete your own clip, the clip information is deleted immediately and the media files (R2) are automatically cleaned up (a short delay is possible due to CDN cache propagation). |
| Account and profile | Retained until account deletion. See §7 for the deletion procedure. |
| Anonymous statistics and diagnostics data | Retained and deleted according to Firebase's data retention policies. |
| Report submission records | Retained for 1 year after report handling is complete (for dispute response purposes), then destroyed. |
7. Data Subject Rights and How to Exercise Them
You have the rights to request access, correction, deletion, and suspension of processing of your personal information, and to withdraw consent.
- Directly in the App: edit your profile (name, handle, bio, photo, visibility setting), delete clips, delete run records, withdraw analytics consent, sign out.
- Account deletion: an in-app account deletion feature is not currently provided. If you want your account and related data (profile, synced records, uploaded clips) deleted, please send a request to the contact point (§11). It will be processed without delay upon receipt. [In-app account deletion needs to be implemented — Apple review requirement (App Store Review 5.1.1(v)): after implementation, update this section to describe the in-app procedure]
- The legal guardian of a child under 14 may exercise the child's rights over their personal information.
Content Reporting and Blocking
- Offensive or inappropriate content can be reported to the contact point (§11), and content with accumulated reports may be automatically hidden for review. [In-app reporting UI needs to be implemented — Apple UGC review requirement: after implementation, update this to the in-app procedure]
- [User blocking feature needs to be implemented — Apple UGC review requirement: currently not provided; update this section after implementation]
8. Safeguards
- Encryption in transit (HTTPS).
- Server access control: Firebase Security Rules enforce that run sync data and non-public content are accessible only by the owner (or permitted followers).
- Private and Followers media and route files are accessible only via time-limited signed URLs.
- Firebase App Check (device integrity verification) is being introduced — rollout in progress.
- Analytics parameters are designed so that only predefined non-identifying items are transmitted.
- However, we cannot guarantee that transmission and storage over the internet is 100% secure.
9. Children's Personal Information
The App is not primarily targeted at children under 14 and does not intentionally collect children's personal information. Children under 14 cannot use account features (sign-in, the Runel feed) (prohibited under the Terms of Service). If we confirm that a child's personal information has been collected, we will destroy it without delay.
10. Changes to This Policy
This policy may be updated in response to changes in law or features. Significant changes (such as changes to collected items, purposes, or storage locations) will be announced in advance through the App or this document, and changes take effect from the posted effective date.
- This v2 is a revision reflecting the introduction of the Runel feed, run record sync, and runclip Pro payments.
11. Privacy Officer and Contact
The App is operated by an individual developer, who also serves as the privacy officer.
- Officer: Geonu Kim (developer)
- Email: i30649303@gmail.com
All inquiries — including requests for access, correction, deletion, or suspension of processing of personal information, account deletion requests, and content reports — are received at the email above. For reporting or consultation regarding personal information infringement, you may contact the Personal Information Infringement Report Center (privacy.kisa.or.kr, dial 118 in Korea) or the Personal Information Dispute Mediation Committee (kopico.go.kr, 1833-6972).
This document is published at https://runclip.kr/privacy.
Korean version (authoritative original): 개인정보 처리방침 (한국어판) — in case of any discrepancy, the Korean version prevails.