Runcaster

Privacy Policy

Runcaster Privacy Policy

Last updated: January 16, 2026

Overview

Runcaster is a Farcaster and Base-native running mini app that connects to Garmin to create shareable run cards. This policy explains what data we collect, how we use it, and the choices you have.

Garmin Connect Data

When you connect your Garmin account via the Garmin Connect API, we access and store the following data:

  • OAuth tokens: Access and refresh tokens to maintain your connection. Tokens are stored securely and never exposed to the browser.
  • Garmin user ID: A stable identifier from Garmin used to link your activities.
  • Activity summaries: Running activity metadata including start time, duration, distance, pace, activity name, and device information.
  • GPS route data: When available, GPS coordinates from your activities to render route maps on share cards.

We only collect running activities (including trail running and treadmill running). Other activity types are not stored.

Purpose limitation

We use Garmin data only to generate your run card and enable you to share it on Farcaster. We do not use the data for advertising, profiling, or unrelated analytics.

User Control and Disconnection

You have full control over your Garmin connection:

  • Disconnect anytime: Use the "Disconnect" button in the app to revoke Runcaster's access to your Garmin account.
  • Data deletion: When you disconnect, we delete your OAuth tokens and Garmin registration. Your activity data remains stored but will no longer update.
  • Full deletion: Contact us to request complete deletion of all your data including stored activities and generated share cards.
  • Garmin side: You can also revoke access from within your Garmin Connect account settings under connected apps.

Data sharing

We do not sell your data. Data is shared externally only when you explicitly post a run card to Farcaster.

Storage and retention

We keep data only as long as needed to provide the service. You control deletion and may remove your data by disconnecting Garmin or contacting support. We do not retain data longer than necessary for run card creation and sharing.

Security practices

We use TLS for data in transit and access controls for stored data. We limit access to production systems to authorized personnel only.

Third-party Infrastructure

  • Vercel: Hosting, deployment, and blob storage for share card images.
  • Supabase: PostgreSQL database for storing user connections and activity data.
  • Garmin Connect API: Activity data is received from Garmin via secure webhooks.

Jurisdiction

This service is operated from the United States.

Contact

For privacy questions or data requests, contact kyle.lynch@runcaster.app.