Code of Conduct

Effective Date: October 22, 2025

Last Updated: January 14, 2026

Business Status: Individual/Sole Proprietorship (Pre-Registration)

Important Notice: OUTRUN is currently operated as an individual project/sole proprietorship and is not yet a formally registered business entity. We are committed to operating in full compliance with Norwegian and European laws, and plan to complete formal business registration in Norway. This Code of Conduct applies regardless of business structure.

1. Purpose and Scope

This Code of Conduct ("Code") establishes the standards of behavior and ethical guidelines for OUTRUN application ("Application," "companion app," "App," "we," "us," or "our"), its users, developers, contributors, and all stakeholders. OUTRUN is currently operated as an individual project/sole proprietorship and is not yet a registered legal entity. This Code applies to all interactions within the Application, its associated services, and community spaces.

By using, accessing, or contributing to the Application, you agree to abide by this Code of Conduct and all applicable laws and regulations.

2. Our Commitment

We are committed to providing a safe, inclusive, welcoming, and harassment-free experience for everyone, regardless of:

  • Age
  • Body size
  • Disability (visible or invisible)
  • Ethnicity
  • Sex characteristics
  • Gender identity and expression
  • Level of experience
  • Education
  • Socioeconomic status
  • Nationality
  • Personal appearance
  • Race
  • Religion
  • Sexual identity and orientation

3. Expected Behavior

All users, contributors, and participants are expected to:

3.1 General Conduct

  • Exercise consideration, respect, and courtesy in all interactions
  • Communicate professionally and constructively
  • Respect differing viewpoints and experiences
  • Accept constructive criticism gracefully
  • Focus on what is best for the community and users
  • Show empathy toward other community members
  • Use the Application only for its intended lawful purposes

3.2 Data and Privacy Responsibilities

  • Protect the privacy and personal information of others
  • Comply with all applicable data protection laws (GDPR, Norwegian Personal Data Act, etc.)
  • Not attempt to access, collect, or distribute other users' data without explicit consent
  • Report any data breaches or security vulnerabilities promptly
  • Use personal data only as described in our Privacy Policy

3.3 Technical and Security Standards

  • Not attempt to reverse engineer, decompile, or hack the Application
  • Not introduce malicious code, viruses, or harmful software
  • Not circumvent security measures or authentication systems
  • Not exploit bugs or vulnerabilities for personal gain
  • Report security issues responsibly through proper channels
  • Respect rate limits and API usage guidelines

3.4 Integration and API Compliance

When using third-party integrations (including but not limited to Garmin Health API):

  • Comply with all third-party terms of service and API guidelines
  • Use API data only for intended and authorized purposes
  • Protect API credentials and access tokens
  • Respect data usage limitations and user consent requirements
  • Delete or anonymize data as required by API provider policies
  • Honor user revocation of permissions immediately

4. Prohibited Behavior

The following behaviors are strictly prohibited:

4.1 Harassment and Abuse

  • Harassment, intimidation, or discrimination of any kind
  • Violent threats or language directed against another person
  • Sexual language, imagery, or unwelcome sexual attention
  • Personal insults, name-calling, or derogatory comments
  • Trolling, inflammatory comments, or deliberate disruption
  • Doxxing (publishing private information without consent)
  • Stalking or unwanted attention, online or offline

4.2 Illegal Activities

  • Any activity that violates local, national, or international law
  • Distribution or promotion of illegal substances or activities
  • Fraud, deception, or misrepresentation
  • Money laundering or financial crimes
  • Infringement of third-party intellectual property rights
  • Unauthorized access to systems or data (hacking)
  • Distribution of child exploitation material (zero tolerance)

4.3 Harmful Content

  • Promotion of self-harm, suicide, or eating disorders
  • Graphic violence or gore
  • Hate speech or content that promotes violence or hatred
  • Spam, unsolicited advertising, or commercial solicitation
  • Misinformation that could cause harm to health or safety
  • Content that exploits or endangers minors

4.4 Service Abuse

  • Creating fake accounts or impersonating others
  • Automated or excessive use that disrupts service availability
  • Attempting to gain unauthorized access to accounts or systems
  • Selling, trading, or transferring accounts
  • Manipulating Application features or metrics
  • Circumventing payment systems or attempting to defraud

4.5 Data Misuse

  • Scraping or harvesting user data without authorization
  • Using personal data beyond the scope of user consent
  • Selling or sharing user data with unauthorized third parties
  • Retaining user data beyond legally permitted timeframes
  • Failing to implement appropriate data security measures

5. Health and Fitness Data Standards

Given the Application's focus on health and fitness data:

5.1 Data Accuracy

  • We strive for accurate data collection and presentation
  • Users acknowledge that fitness data is for informational purposes only
  • Predictive values are algorithm-based estimates and may not be accurate for all individuals
  • Users should verify predictions with actual measurements when possible
  • We do not provide medical advice, diagnosis, or treatment
  • Users should consult healthcare professionals for medical decisions

5.2 Integration with Health Platforms

  • We comply with Garmin Health API Terms of Service
  • We comply with Apple HealthKit, Google Fit, and other platform requirements
  • User health data is collected only with explicit consent
  • Users can revoke access to health data at any time
  • Health data is encrypted in transit and at rest
  • We do not sell or share health data for advertising purposes
  • Predictive algorithms use your data to improve predictions but do not share individual data with third parties
  • Algorithm improvements benefit from aggregated, anonymized data analysis

5.3 User Responsibilities

  • Users are responsible for the accuracy of manually entered data
  • Users should verify predictive values with actual measurements when possible
  • Users should not rely solely on the Application or its predictions for health decisions
  • Users should discontinue use if experiencing adverse effects
  • Users should maintain regular backups of important health data
  • Users should update their profile information (max HR, fitness level, etc.) for better prediction accuracy

6. Privacy and Data Protection

6.1 Data Collection and Use

  • We collect only necessary data for Application functionality
  • Data usage is described in our Privacy Policy
  • We implement industry-standard security measures
  • We comply with GDPR, Norwegian Personal Data Act (Personopplysningsloven), and other applicable regulations
  • We conduct regular security audits and assessments

6.2 User Rights

Users have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request data deletion (right to be forgotten)
  • Export their data (data portability)
  • Withdraw consent for data processing
  • Object to automated decision-making
  • Lodge complaints with the Norwegian Data Protection Authority (Datatilsynet) or other relevant supervisory authorities

6.3 Data Retention

  • We retain user data only as long as necessary
  • Deleted account data is removed within 30 days (except where legally required)
  • Anonymized data may be retained for analytics and improvement
  • Backup copies are securely deleted according to schedule

7. Intellectual Property and Content

7.1 User-Generated Content

  • Users retain ownership of their user-generated content and data
  • Users grant us a limited license to use submitted content for Application operation and service delivery
  • Users are responsible for ensuring they have rights to any content they upload
  • We respect the intellectual property rights of others

7.2 Third-Party Content and Rights

  • Users must not upload content that infringes third-party intellectual property rights
  • Copyright infringement will result in content removal and may result in account termination
  • We respond to valid takedown notices in accordance with applicable law
  • Users must respect trademarks, patents, and copyrights of third parties

8. Age Restrictions and Parental Consent

8.1 Minimum Age Requirements

  • Users must be at least 13 years old (16 in EEA)
  • Users under 18 require parental or guardian consent
  • We do not knowingly collect data from children without consent
  • Discovered underage accounts will be terminated

8.2 Parental Controls

  • Parents/guardians can request account information
  • Parents/guardians can request account deletion
  • We provide age-appropriate privacy protections

9. Enforcement and Consequences

9.1 Violation Response

Violations of this Code may result in:

  • Warning and required corrective action
  • Temporary suspension of account or access
  • Permanent account termination
  • Reporting to law enforcement (for illegal activities)
  • Legal action for damages or injunctive relief
  • Notification to API providers (e.g., Garmin) of policy violations

9.2 Review Process

  • Reported violations are investigated promptly
  • Users have the right to appeal enforcement decisions
  • Appeals should be submitted to: peder@outrun.no
  • Decisions are made fairly and consistently
  • Patterns of behavior are considered in enforcement

9.3 Reporting Mechanisms

To report violations:

  • Email: peder@outrun.no
  • In-app reporting feature
  • Privacy-focused web form: [website reporting URL]
  • All reports are treated confidentially
  • No retaliation against good-faith reporters

10. Compliance with External Requirements

10.1 App Store Compliance

We comply with:

  • Apple App Store Review Guidelines
  • Google Play Store Developer Program Policies
  • Amazon Appstore Content Policy Guidelines
  • Other distribution platform requirements

10.2 API Provider Compliance

We comply with:

  • Garmin Health API Terms of Service and Developer Agreement
  • Garmin Connect IQ SDK Agreement
  • Requirements of any health data platforms we integrate with
  • OAuth 2.0 and authentication best practices

10.3 Regulatory Compliance

We comply with:

  • General Data Protection Regulation (GDPR)
  • Norwegian Personal Data Act (Personopplysningsloven)
  • Norwegian Marketing Control Act (Markedsføringsloven)
  • Norwegian E-Commerce Act (E-handelsloven)
  • Norwegian Consumer Protection laws
  • ePrivacy Directive and national implementations
  • Accessibility standards (WCAG 2.1, Norwegian accessibility requirements)
  • European consumer protection regulations

11. Developer and Contributor Standards

11.1 Code Contributions

Contributors must:

  • Submit original work or properly licensed code
  • Follow coding standards and documentation requirements
  • Respect code review feedback
  • Not introduce security vulnerabilities knowingly
  • Sign Contributor License Agreement if/when required (to be implemented upon business registration)

11.2 Professional Standards

Developers and contributors must:

  • Maintain confidentiality of sensitive information
  • Disclose conflicts of interest
  • Not use insider information for personal gain
  • Follow responsible disclosure for security issues
  • Respect intellectual property rights

12. Liability and Disclaimers

12.1 No Medical Advice

  • The Application is not a medical device
  • Content is for informational purposes only
  • We do not provide medical advice, diagnosis, or treatment
  • Always consult healthcare professionals for medical decisions

12.2 Limitation of Liability

  • Use of the Application is at your own risk
  • We provide the Application "as is" without warranties
  • To the extent permitted by Norwegian law, we are not liable for data loss, service interruptions, or indirect damages
  • This limitation applies subject to mandatory consumer protection laws
  • As an unregistered entity, liability may extend to the operator personally
  • See Terms of Service for complete liability terms

12.3 Third-Party Services

  • We are not responsible for third-party services or content
  • Third-party integrations have their own terms and policies
  • Users should review third-party terms before connecting services

13. Modifications to This Code

We reserve the right to modify this Code of Conduct at any time:

  • Material changes will be communicated to users
  • Continued use after changes constitutes acceptance
  • Previous versions are archived and available upon request
  • Users who disagree with changes should discontinue use

14. Governing Law

This Code of Conduct is governed by:

  • The laws of Norway
  • General Data Protection Regulation (GDPR) and EEA regulations
  • Applicable international laws and treaties
  • Industry standards and best practices
  • Mandatory consumer protection laws of user jurisdictions

Disputes will be subject to Norwegian law and the jurisdiction of Norwegian courts. However, users retain the right to lodge complaints with the Norwegian Data Protection Authority (Datatilsynet) and other relevant supervisory authorities.

15. Contact Information

For questions, concerns, or reports regarding this Code of Conduct:

Primary Contact:
Email: peder@outrun.no
Response time: Within 48 hours for urgent matters

Data Protection Officer:
Email: peder@outrun.no

Security Issues:
Email: peder@outrun.no

General Support:
Email: peder@outrun.no
Website: outrun.no

Mailing Address:
OUTRUN
Gaustadalléen 21
0349 Oslo
Norway

Business Status:
OUTRUN is currently operated as an individual project/sole proprietorship and is in the process of formal business registration. This Code of Conduct will remain in effect during and after the registration process.

Regulatory Authority:
Norwegian Data Protection Authority (Datatilsynet)
Website: https://www.datatilsynet.no
Phone: +47 22 39 69 00

16. Acknowledgment

By using the Application, you acknowledge that:

  • You have read and understood this Code of Conduct
  • You agree to comply with all provisions herein
  • You understand the consequences of violations
  • You will promptly report violations you observe
  • You accept the enforcement mechanisms described

Additional Resources

This Code of Conduct is designed to ensure compliance with:

  • Apple App Store Review Guidelines
  • Google Play Developer Program Policies
  • Garmin Health API Developer Agreement
  • GDPR and Norwegian Personal Data Act (Personopplysningsloven)
  • Norwegian consumer protection and e-commerce regulations
  • Industry best practices for health and fitness applications

Document Version: 1.1
Document ID: COC-2025-001
Classification: Public
Business Status: Individual/Sole Proprietorship (Pre-Registration)
Last Updated: January 14, 2026

This Code of Conduct is part of our commitment to maintaining a safe, compliant, and user-focused application. We continuously review and update our policies to meet evolving legal requirements and industry standards.

Note on Business Structure: OUTRUN is currently operated as an individual project/sole proprietorship. Upon formal business registration (anticipated as an AS (Aksjeselskap) or other Norwegian business entity), this Code of Conduct will be updated to reflect the new legal structure. All commitments and obligations herein will continue to apply regardless of business structure changes.