Privacy Policy

Last updated

This is the privacy policy for Just5K — the website at just5k.com and the iOS app of the same name. We've kept it short on purpose. If something here is unclear, email us and we'll fix the wording.

Who we are

Just5K is a small independent product. When we say "we" or "us" in this policy, we mean the team behind Just5K. When we say "you," we mean the person reading this page or using the app.

What we collect on the website

The website at just5k.com is mostly a static blog plus a download page. We use two analytics tools that are designed to respect privacy by default:

  • Vercel Analytics — counts pageviews and shows us which articles people read. It does not set cookies, does not store IP addresses, and cannot identify you across visits. See Vercel's privacy documentation.
  • Vercel Speed Insights — measures how fast pages load on real devices (Web Vitals). Same privacy properties as Vercel Analytics: anonymous, cookieless, no IP storage.

Both can be disabled per-device by visiting any page with ?noanalytics=1 in the URL once. The opt-out flag is stored in your browser's localStorage and applies until you clear it.

Beyond that, our hosting provider (Vercel) keeps standard server logs — request paths, timestamps, response codes — for operational and security reasons. These logs are retained for a short window and are not joined with anything else.

We do not set our own cookies, run third-party advertising, embed Facebook or Google tracking pixels, sell or rent any data, or build profiles of individual visitors.

What we collect in the iOS app

The Just5K iOS app (when installed) reads health data from Apple HealthKit to give you a personalized morning recommendation. We deliberately split the permission ask into two stages so you understand what each prompt is for:

Asked at the start of onboarding:

  • Sleep — duration and stage breakdown. Used to gauge how rested you are.
  • Resting heart rate — your daily resting heart rate. Used to detect when your body is under unusual load.
  • Heart rate variability — your daily HRV. Used to refine the "ready / take it easy / rest" recommendation.
  • Workouts — workout type, duration, and date. Used to track your training history.

Asked later, only when a specific feature needs it:

  • Heart rate during a workout
  • Step count
  • Respiratory rate
  • VO₂ max

You will see Apple's standard HealthKit prompt each time we ask for additional access, and you can decline any individual category without breaking the rest of the app.

The app only reads. It never writes to HealthKit, and it never asks for permissions we don't actually use — never your contacts, photos, microphone, location, or anything else outside the HealthKit categories listed above. Apple's HealthKit framework keeps this data on your device; Apple does not give us a way to read it remotely.

Today, the app does not have user accounts and does not send your health data to our servers. Everything stays on the device. If we add a backend later (for example, to sync your training plan across devices), we will update this policy before turning that on.

What we do not collect

  • We do not require you to create an account to use the website.
  • We do not run an email signup form on the website at this time. If we add one, this policy will be updated before it goes live.
  • We do not embed third-party trackers from advertising networks, social platforms, or data brokers.
  • We do not store your IP address.
  • We do not sell or share data with third parties for marketing.

Where data is processed

Vercel (our hosting provider) operates a global content delivery network. The website is served from the edge region closest to you, but data may be processed in any region Vercel operates, including the United States. Vercel relies on the European Commission's Standard Contractual Clauses to cover transfers of personal data outside the European Economic Area; their full list of subprocessors and safeguards is at vercel.com/legal/privacy-policy.

When the iOS app reads data from Apple HealthKit, that data stays on your device (per Apple's design). If we add a backend in the future, this section will be updated to describe where that data is stored.

Children

Just5K is not directed at children under 14 — the digital consent age under Spanish data-protection law (LOPDGDD). We do not knowingly collect personal data from minors. If you believe a minor has provided information through our site or app, contact us and we'll delete it.

Your rights

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with data-protection rules, you have rights including access, correction, deletion, and portability of any personal data we hold about you.

In practice, today we hold almost nothing about individual users — there are no accounts, no email lists, no health data on our servers. Most "right to access" or "right to delete" requests resolve to "we don't have anything to give you, here's the proof." If you still want to exercise a right, email us at the address below and we will respond within 30 days.

How to contact us

Email us at hello@just5k.com. Include enough detail that we can act on the request — for example, the email address you signed up with, if any.

Changes to this policy

When we change what data we collect or how we use it, we will update this page and bump the "Last updated" date at the top. For material changes (like adding a backend that stores user data, or starting an email program), we will surface the change on the homepage before it takes effect.

The full version history of this page is in the public Git repository — every change is a commit you can review.