Privacy Policy

Effective: January 22, 2026 | Last Updated: January 22, 2026

TT Runner ("Company," "we," "us," or "our") is committed to protecting users' personal information in accordance with the Personal Information Protection Act of the Republic of Korea. This Privacy Policy describes how we collect, use, and safeguard your personal information.

Article 1. Information We Collect

1. Personal Information Collected

A. Required Information

Category	Items Collected	Purpose
Account Information	Email address, nickname, profile photo	User identification, service provision
Device Information	Device identifier, OS type and version, app version	Service optimization, error analysis

B. Optional Information

Category	Items Collected	Purpose
Location Data	GPS-based real-time location, running routes	Run tracking, route recording
Health Data	Heart rate, calories burned, VO2Max, running records	Exercise analysis, fitness index calculation
Physical Data	Height, weight, birth year, gender	Personalized exercise analysis
Profile Data	Running experience, goal settings	Personalized training recommendations

C. Automatically Collected Information

Service usage records (running logs, crew activities, posts, likes, comments)
Access logs, IP addresses, access timestamps
Advertising identifiers (IDFA, GAID)

2. Methods of Collection

Social login (Google, Kakao) during registration
Direct user input through in-app profile settings
Automatic generation and collection during service use
Health data synchronization via Apple HealthKit or Google Health Connect
Location data collection when GPS is enabled

Article 2. Purpose of Collection and Use

1. User Management

Registration verification and membership service provision
User identification and authentication
Prevention of unauthorized use

2. Service Provision

Running record and analysis services
GPS-based run tracking and route storage
Health data integration and fitness analysis (VDOT calculation, etc.)
Crew services and social features
Rankings and battle services

3. Service Improvement

Usage statistics analysis
New service development and existing service improvement
Error analysis and quality enhancement

4. Marketing and Advertising

Personalized advertising via Google AdMob
Event and promotion notices (with separate consent)

5. Safe Service Environment

Prevention and restriction of service misuse
Record retention for dispute resolution

Article 3. Retention and Use Period

1. General Principle

We destroy personal information without delay once the purpose of collection and use has been achieved, unless retention is required by applicable law.

2. Upon Account Deletion

Personal information is immediately destroyed upon account deletion request, except for the following:

Retained Items	Retention Period	Basis
Service usage records	3 months	Prevention of misuse
Records of service misuse	1 year	Prevention of recurring misuse

3. Retention Required by Law

Retained Items	Retention Period	Legal Basis
Contract or subscription withdrawal records	5 years	Act on Consumer Protection in Electronic Commerce
Payment and goods supply records	5 years	Act on Consumer Protection in Electronic Commerce
Consumer complaint or dispute records	3 years	Act on Consumer Protection in Electronic Commerce
Display/advertising records	6 months	Act on Consumer Protection in Electronic Commerce
Service access records	3 months	Protection of Communications Secrets Act

Article 4. Disclosure to Third Parties

We do not provide personal information to third parties except in the following cases:

When prior consent has been obtained from the user
When required by law, such as requests made through legal procedures for investigation purposes or court orders

Article 5. Outsourcing of Data Processing

We outsource personal information processing as follows:

Service Provider	Outsourced Tasks	Retention Period
Amazon Web Services (AWS)	Cloud server hosting, data storage	Until account deletion or contract termination
Google LLC (Firebase)	App analytics, push notification delivery	Until account deletion or contract termination
Google LLC (AdMob)	Advertising services	From collection of ad identifier until user reset

We ensure that outsourced parties manage personal information safely through contractual provisions.

Article 6. User Rights and How to Exercise Them

1. User Rights

Users may exercise the following rights at any time:

Request to access personal information
Request to correct personal information
Request to delete personal information
Request to suspend processing of personal information

2. How to Exercise Rights

In-app settings: Profile > Settings > Account Management
Email: support@ttrunner.com

3. Processing Timeline

Access, correction, deletion requests: Processed within 10 days
Suspension requests: Processed immediately (except where retention is required by law)

4. Exercise of Rights Through a Representative

Users may exercise their rights through a legal representative or authorized agent, provided a power of attorney is submitted in accordance with relevant regulations.

Article 7. Destruction of Personal Information

1. Destruction Procedure

We destroy personal information without delay when it is no longer needed due to expiration of the retention period or achievement of the processing purpose.

2. Destruction Methods

Electronic files: Permanently deleted using methods that prevent recovery
Paper documents: Shredded or incinerated

Article 8. Security Measures

1. Administrative Measures

Establishment and implementation of internal management plans
Minimization and training of personnel handling personal information

2. Technical Measures

Encryption of personal information (SSL/TLS for transmission, AES-256 for storage)
Installation and operation of security systems against hacking
Access rights management and access control

3. Physical Measures

Use of physical security facilities in cloud servers (AWS)

Article 9. Collection and Use of Location Data

1. Purpose

We collect GPS-based location data to provide run tracking services.

2. Retention Period

Stored as route data when saving running records
Immediately destroyed upon account deletion

3. Right to Refuse

Users may refuse location data collection through app settings. In this case, the run tracking feature may be restricted.

Article 10. Processing of Health Data

1. Health Data Collected

When connected via Apple HealthKit or Google Health Connect, the following data is collected:

Running workout records
Heart rate data
Calories burned
VO2Max (maximal oxygen uptake)

2. Purpose of Use

Exercise analysis and fitness index (VDOT) calculation
Personalized training recommendations
Running statistics

3. Withdrawal of Consent

Users may disconnect health data integration at any time through app settings.

Article 11. Advertising and Personalized Ads

1. Promotional Communications

Marketing communications are sent only to users who have given separate consent.

2. Personalized Advertising

We provide personalized advertising through Google AdMob. Users may limit personalized advertising through the following methods:

iOS: Settings > Privacy & Security > Tracking > Disable "Allow Apps to Request to Track"
Android: Settings > Google > Ads > Opt out of Ads Personalization

Article 12. Privacy Officer

We have designated a Privacy Officer responsible for overseeing personal information processing and handling user complaints:

Privacy Officer
Email: privacy@ttrunner.com

Privacy Team
Email: support@ttrunner.com

Article 13. Remedies for Rights Infringement

Users may contact the following organizations for dispute resolution or consultation regarding personal information infringement:

Organization	Contact	Website
Personal Information Dispute Mediation Committee	1833-6972	www.kopico.go.kr
Personal Information Infringement Report Center	118	privacy.kisa.or.kr
Supreme Prosecutors' Office Cyber Investigation Division	1301	www.spo.go.kr
National Police Agency Cyber Bureau	182	ecrm.cyber.go.kr

Article 14. Changes to This Policy

This Privacy Policy may be updated due to changes in laws, policies, or security technologies. Changes will be notified in advance through in-app notices or push notifications.

Supplementary Provisions

This Privacy Policy is effective as of January 22, 2026.