← Back to homepage

Privacy Policy

Last updated: 29 April 2026

This privacy policy explains how DEAFOR LTD ("we", "us", "our") collects, uses, and protects your personal data when you use our website at runverifiedapp.com or our forthcoming mobile application.

We are based in Sofia, Bulgaria, and we comply with the EU General Data Protection Regulation (GDPR) and Bulgarian data protection law.

Who we are

RunVerified is a brand operated by DEAFOR LTD, a Bulgarian limited liability company (ЕООД). Our registered address is Bulgaria, 1421 Sofia, ul. Dobar unak 2, office 1. Our VAT number is BG205403854. You can contact our data protection officer at privacy@runverifiedapp.com.

What data we collect

When you join our waitlist, we collect:

  • Your email address
  • The date and time you signed up
  • Your country (derived from your IP address — we do not store the IP itself beyond 24 hours)
  • The referral code you used (if any) and the referral code we generated for you
  • Basic browser information (user agent) for security and fraud prevention

When you visit our website, we may collect:

  • Anonymous analytics about which pages you visit and how you interact with them, only if you've accepted analytics cookies
  • A session cookie that keeps you logged in when authentication is added

We do not collect any other personal data at this stage. Once the mobile application launches, additional data will be collected (running activity, location, optional health metrics) and this policy will be updated accordingly.

Why we collect this data

  • Email address: to send you waitlist updates, your founding member confirmation, and product launch information.
  • Country and analytics: to understand where our audience is and improve the website experience.
  • Referral codes: to award the recurring referral income you've been promised when the platform launches.
  • Browser information: to detect fraudulent signups and prevent abuse of the waitlist system.

The legal basis for this processing is your consent (GDPR Article 6(1)(a)) for marketing communications, and our legitimate interest (GDPR Article 6(1)(f)) for fraud prevention and analytics.

Who we share data with

We use the following service providers, all of whom are bound by data processing agreements:

  • Supabase Inc. — stores your waitlist data (servers in EU)
  • Resend — sends transactional emails (servers in EU and US)
  • Vercel Inc. — hosts our website (servers globally, with EU edge nodes)
  • PostHog — anonymous product analytics (EU instance, only with your consent)
  • Cloudflare Inc.— provides bot protection (Turnstile). Cloudflare may receive your IP address, browser fingerprint, and basic interaction data when you submit a form. This is processed in real time and not stored. Cloudflare's privacy policy: cloudflare.com/privacypolicy/.

We never sell your data. We never share it with advertisers. We never use it for advertising purposes.

How long we keep your data

  • Waitlist email and metadata: until you unsubscribe or until 6 months after our public launch, whichever comes first
  • Analytics data: 13 months from collection
  • Email logs (Resend): 30 days

Your rights under GDPR

You have the right to:

  • Accessyour data — email privacy@runverifiedapp.com and we'll send you everything we have
  • Correct any incorrect data
  • Deleteyour data ("right to erasure") — email privacy@runverifiedapp.com or click "unsubscribe" in any email
  • Export your data in a portable format
  • Object to processing
  • Withdraw consent at any time

We respond to all requests within 30 days, as required by law.

Cookies

Our website uses two types of cookies:

  • Essential cookies — required for the site to function (consent state, security)
  • Analytics cookies — help us understand how the site is used (only if you accept them)

You can change your cookie preferences at any time by clearing your browser's localStorage for runverifiedapp.com.

Data security

Your data is encrypted in transit (HTTPS) and at rest (Supabase encryption). Access is restricted to authorized personnel only. We use Stripe and similar PCI-compliant providers for any future payment data — we never see or store payment card details ourselves.

Children

RunVerified is not intended for users under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact privacy@runverifiedapp.com and we will delete it promptly.

Changes to this policy

We may update this policy occasionally. The "last updated" date at the top will reflect the most recent change. Material changes will be communicated via email to subscribed users.

Complaints

If you're unhappy with how we handle your data, you can complain to the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни) at cpdp.bg.

Contact

For any privacy-related questions, email privacy@runverifiedapp.com.