Privacy Policy

Overview

RunwayBot AI prioritizes user privacy. This policy covers data collection, storage, retention, and user rights under GDPR.

Information Collected

The platform gathers the following types of information:

• Account details (name, email, organisation name)
• Financial data via secure integrations (bank accounts, accounting software, transaction history)
• Chat conversations with the AI assistant
• Usage data (feature interactions, browser info)

Data Storage & Security

We take security seriously and implement industry-standard protections:

• AES-256 encryption for sensitive data at rest
• TLS 1.3 for all data in transit
• PostgreSQL with role-based access controls

Data Retention

• Active account data is retained while your account is active
• Financial records persist for 7 years for compliance purposes
• Deleted accounts are removed within 30 days

Your Rights (GDPR)

You have the right to request:

• Access to your personal data
• Rectification of inaccurate data
• Erasure of your data
• Restriction of processing
• Data portability
• Object to certain processing

Contact support@runwaybot.ai to exercise these rights.

Cookies

We use only essential cookies including session tokens, CSRF tokens, and preferences. We do not use third-party tracking or analytics cookies.

Legal Basis for Processing

We process your data under the following legal bases: contract performance, legitimate interests, consent, and legal obligations.

Third-Party Services

We work with trusted partners to provide our services:

• Teller - Bank account integrations (US)
• QuickBooks Online - Accounting data integration
• Xero - Accounting data integration
• Anthropic / OpenRouter - AI services
• Resend - Email delivery
• Railway - Cloud hosting

Data Breaches

In the event of a data breach that affects your personal information, you will be notified within 72 hours.

Contact

For privacy-related inquiries, contact us at support@runwaybot.ai

Data Controller: Tiny Bot Labs Limited