Privacy Policy

Overview

RunwayBot AI prioritizes user privacy. This policy covers data collection, storage, retention, and user rights under GDPR.

Information Collected

The platform gathers the following types of information:

• Account details (name, email, company)
• Financial data via secure integrations (bank accounts, transaction history)
• Usage metrics (AI interactions, browser info)

Data Storage & Security

We take security seriously and implement industry-standard protections:

• AES-256 encryption for sensitive data at rest
• TLS 1.3 for all data in transit
• PostgreSQL with role-based access controls

Data Retention

• Active account data is retained during your membership
• Financial records persist for 7 years for compliance purposes
• Deleted accounts are removed within 30 days

Your Rights (GDPR)

You have the right to request:

• Access to your personal data
• Rectification of inaccurate data
• Erasure of your data
• Restriction of processing
• Data portability
• Object to certain processing

Contact privacy@runwaybot.ai to exercise these rights.

Cookies

We use only essential cookies including session tokens, CSRF tokens, and preferences. We do not use third-party tracking or analytics cookies.

Legal Basis for Processing

We process your data under the following legal bases: contract performance, legitimate interests, consent, and legal obligations.

Third-Party Services

We work with trusted partners to provide our services:

• Teller / GoCardless - Banking integrations
• Stripe - Payment processing
• OpenAI / Anthropic - AI services
• Resend - Email delivery

Data Breaches

In the event of a data breach that affects your personal information, you will be notified within 72 hours.

Contact

For privacy-related inquiries, contact us at privacy@runwaybot.ai

Data Controller: Tiny Bot Labs Limited