Saffrun

Privacy Policy

Saffrun helps runners in the EU find better gear with independent, AI-driven shoe recommendations. We only collect the data we need to provide this service and to improve it responsibly. This policy describes what we collect, why, and your rights.

Controller & contact

The data controller is Saffrun, established in the Netherlands. For users in the Netherlands and the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection law. For privacy requests or questions, contact us at support@saff.run or via the Contact page.

What data we collect

  • Quiz answers: Running experience, goals, distances, pace, surface preferences, and other answers you give in the shoe quiz.
  • Account data (if you register): Email, name (if provided), and preferences stored in your account (e.g. locker/saved shoes).
  • Technical data: IP address, device type, browser, and similar data needed for security and basic operation.
  • Cookies and similar tech: See the Cookies section below.
  • Communications: If you contact us (e.g. via Contact form), we process the content and contact details you provide.

Purposes & lawful bases

  • Providing the service (contract): To run the quiz, generate recommendations, and (if you have an account) manage your profile and locker. Lawful basis: performance of contract.
  • Analytics & improvement (consent): To understand how the site is used and improve it we use non-essential analytics (PostHog). Under the ePrivacy Directive and GDPR we do this only with your consent. You can withdraw or change consent at any time via "Cookie preferences" in the footer.
  • Security (legitimate interest): To protect against abuse, fraud, and security incidents. Lawful basis: legitimate interest.
  • Affiliate tracking: When you click through to retailers, affiliate networks (e.g. Awin, Daisycon) may set cookies and process data per their policies to attribute commissions. We do not control their processing; see Cookies and third parties below.

Processors & third parties

We use the following processors and services that may process personal data on our behalf or as independent controllers:

  • Clerk — authentication and account management
  • PostHog — product analytics (only with your consent, via our cookie banner)
  • Vercel — hosting and serverless functions
  • Railway — backend and database hosting
  • Affiliate networks (e.g. Awin, Daisycon) — tracking of clicks and conversions to retailers; they act as independent controllers for their tracking. Their cookies and policies apply when you click our links to retailers.

We choose providers that meet GDPR requirements and, where applicable, use Data Processing Agreements. We do not sell your personal data.

International transfers

Some of our processors may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place (such as adequacy decisions, standard contractual clauses, or other mechanisms approved under GDPR).

Cookies & affiliate tracking

We use cookies and similar technologies for: (1) essential operation (e.g. session, authentication) — no consent required; (2) analytics (PostHog) — only with your consent, which you can give or withdraw via "Cookie preferences" in the footer; (3) affiliate tracking — when you click a link to a retailer, the affiliate network may set cookies to attribute a purchase to us. We do not control those cookies; see the network's and retailer's privacy policies. In our cookie banner you can choose: "Accept all" (analytics enabled) or "Allow necessary only" (only cookies needed for the site to work; no analytics).

Retention

  • Account and quiz data: retained while your account is active; after account closure or deletion request, we delete or anonymise within 6 months unless we must keep it for legal obligations.
  • Logs and security-related data: typically up to 12 months unless a longer period is required for legal or security reasons.
  • Analytics: aggregated or pseudonymised where possible; retention in line with our analytics provider's settings and consent.

Your rights & complaint authority

Under the GDPR you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (subject to exceptions)
  • Restrict processing in certain cases
  • Data portability where applicable
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where we rely on consent), e.g. via "Cookie preferences" in the footer

To exercise these rights, contact us at support@saff.run. If you are in the Netherlands or another EEA country, you also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, that is the Autoriteit Persoonsgegevens (AP).

Expert insight: Our AI shoe quiz is designed to be helpful without being intrusive. We do not need detailed medical histories or precise GPS traces to suggest gear; we rely on high-level signals like experience, distance ranges, and surface type. This lets us give meaningful recommendations while keeping the amount of personal data we process as small as possible.

Last updated: March 2025. We may update this policy from time to time; material changes will be communicated on the site or by email where appropriate.