Legal

Privacy Policy

Effective date: May 1, 2026 · Last updated: May 1, 2026

Runio ("we," "us," "our") respects your privacy. This Privacy Policy explains what information we collect when you use our platform and website (the "Service"), how we use it, and your rights regarding that information. By using the Service, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect information you give us directly, including:

Account information: name, email address, password when you register
Billing information: payment method details (processed by our payment provider — we don't store raw card numbers)
Content: text, documents, and other data you submit to the Service to generate AI outputs
Communications: messages you send to our support team

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

Usage data: pages visited, features used, actions taken, time spent
Device and log data: IP address, browser type and version, operating system, referring URLs, error logs
Cookies and similar technologies: see Section 3 below

1.3 Information from Third Parties

We may receive information about you from third-party services you connect to Runio (e.g., OAuth sign-in providers). This information is governed by the third party's privacy policy and your privacy settings with them.

2. How We Use Your Information

Purpose	Legal Basis (GDPR)
Providing and improving the Service	Performance of a contract
Processing payments and managing subscriptions	Performance of a contract
Sending transactional emails (receipts, password resets)	Performance of a contract
Sending product updates and marketing (you can opt out)	Legitimate interests / consent
Analyzing usage to improve the product	Legitimate interests
Preventing fraud and ensuring security	Legitimate interests / legal obligation
Complying with legal obligations	Legal obligation

3. Cookies

3.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. We use cookies and similar tracking technologies (web beacons, pixels) to operate and improve the Service.

3.2 Types We Use

Essential cookies: Required for the Service to function (authentication, session management). Cannot be disabled.
Analytics cookies: Help us understand how users interact with the Service (e.g., page views, feature usage). We use this data in aggregate to improve our product.
Preference cookies: Remember your settings (theme, language) so you don't have to re-enter them each visit.

3.3 Managing Cookies

You can control or delete cookies through your browser settings. Disabling essential cookies will impair Service functionality. For more about cookies, visit allaboutcookies.org.

4. Third-Party Services

We work with trusted third-party providers. Each has its own privacy policy governing data it collects:

Payment processing: Stripe — stripe.com/privacy
Cloud infrastructure: Render, Neon — hosting and database services
AI processing: Anthropic, OpenAI — AI model inference for generating outputs
Analytics: Datadog — application performance monitoring and error tracking
Email delivery: Postmark — transactional email delivery

We do not sell your personal data to third parties. We share data with these providers only to the extent necessary to deliver the Service.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for up to 90 days for backup and legal compliance purposes, then delete it. Anonymized or aggregated data may be retained indefinitely for analytics.

6. Your Rights (GDPR and Beyond)

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data ("right to be forgotten")
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Restriction: Request restriction of processing in certain circumstances
Withdraw consent: Withdraw consent at any time where processing is based on consent (e.g., marketing emails)

To exercise any of these rights, contact us at hello@run-io.com. We'll respond within 30 days. EU/EEA residents may also lodge a complaint with their local supervisory authority.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data — including encryption at rest and in transit, access controls, and regular security reviews. No system is 100% secure. In the event of a data breach affecting your rights, we'll notify you as required by applicable law.

8. International Transfers

Runio operates in the United States. If you access the Service from the EU, EEA, UK, or elsewhere, your data may be transferred to and processed in the US. We apply appropriate safeguards for such transfers, including Standard Contractual Clauses where required under GDPR.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If we learn we have collected such data, we will delete it promptly. Contact us at hello@run-io.com if you believe a child has provided us their information.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we'll update the "Last updated" date above and notify you of material changes by email or in-app notice. Your continued use of the Service after any update constitutes acceptance of the revised Policy.

11. Contact Us

Questions or concerns about this Privacy Policy? Contact our privacy team at hello@run-io.com.