Privacy Policy
Last updated: April 15, 2026
Our Role
Ruunly processes two broad categories of information.
For information about Ruunly account owners, trial users, website visitors, prospects, and platform administrators, Ruunly acts as a business or controller.
For information about a Ruunly business customer's End Customers, Ruunly generally acts as a service provider or processor to the business customer. The business customer decides what End Customer information to collect, why it is collected, how long to keep it, and how to communicate with End Customers. End Customers should contact the business they purchased from to exercise privacy rights about that business's records. If Ruunly receives an End Customer request directly, we may forward it to the relevant business customer unless the law requires us to respond directly.
Categories of Personal Information
Depending on how the Service is used, Ruunly may collect or process these categories of personal information:
Identifiers
- Examples
- Name, email, phone number, account ID, IP address, business name
- Sources
- You, business customers, End Customers, service providers
- Purposes
- Account creation, authentication, support, fraud prevention, communications
Customer records
- Examples
- Billing contact details, service address, invoice history, membership status
- Sources
- Business customers, End Customers, Stripe
- Purposes
- Billing, customer management, subscription management, dispute handling
Commercial information
- Examples
- Plan selected, invoices, payments, refunds, chargebacks, subscription status
- Sources
- You, Stripe, business customers
- Purposes
- Payment processing, accounting, tax, support, analytics
Internet and device information
- Examples
- Log data, browser type, pages viewed, dashboard events, error reports
- Sources
- Your browser or device
- Purposes
- Security, debugging, product improvement, abuse prevention
Geolocation
- Examples
- Approximate location from IP address; service addresses entered by users
- Sources
- Your device, user-entered information
- Purposes
- Security, tenant routing, scheduling, service delivery
Professional or business information
- Examples
- Company name, role, service category, team members, business address
- Sources
- You, business customers
- Purposes
- Account administration, onboarding, support
Communications
- Examples
- Support emails, chat or form submissions, message metadata, delivery events
- Sources
- You, End Customers, Resend, Telnyx
- Purposes
- Support, message delivery, compliance, suppression management
Sensitive personal information
- Examples
- Account login credentials, payment-related identifiers, contents of messages where users include sensitive information
- Sources
- You, End Customers, Stripe, Supabase
- Purposes
- Authentication, payment processing, security, service delivery
| Category | Examples | Sources | Purposes |
|---|---|---|---|
| Identifiers | Name, email, phone number, account ID, IP address, business name | You, business customers, End Customers, service providers | Account creation, authentication, support, fraud prevention, communications |
| Customer records | Billing contact details, service address, invoice history, membership status | Business customers, End Customers, Stripe | Billing, customer management, subscription management, dispute handling |
| Commercial information | Plan selected, invoices, payments, refunds, chargebacks, subscription status | You, Stripe, business customers | Payment processing, accounting, tax, support, analytics |
| Internet and device information | Log data, browser type, pages viewed, dashboard events, error reports | Your browser or device | Security, debugging, product improvement, abuse prevention |
| Geolocation | Approximate location from IP address; service addresses entered by users | Your device, user-entered information | Security, tenant routing, scheduling, service delivery |
| Professional or business information | Company name, role, service category, team members, business address | You, business customers | Account administration, onboarding, support |
| Communications | Support emails, chat or form submissions, message metadata, delivery events | You, End Customers, Resend, Telnyx | Support, message delivery, compliance, suppression management |
| Sensitive personal information | Account login credentials, payment-related identifiers, contents of messages where users include sensitive information | You, End Customers, Stripe, Supabase | Authentication, payment processing, security, service delivery |
Ruunly does not intentionally collect government IDs, biometric identifiers, children's data, protected health information subject to HIPAA, or precise geolocation unless a user or business customer enters that information into the Service. The Service is not designed for HIPAA-covered use.
How we use your data
We use your data to:
- Operate and improve the Ruunly platform
- Process payments and manage billing
- Send transactional emails (receipts, alerts, account notifications)
- Provide customer support
- Detect and prevent fraud and abuse
- Comply with legal obligations
We do not sell your personal data or your clients' data to third parties.
How We Disclose Personal Information
We disclose personal information to service providers and subprocessors that help us provide the Service, including hosting, database, authentication, payment processing, email delivery, SMS delivery, file storage, analytics, logging, support, and security providers.
We may disclose information to Stripe and financial institutions for payment processing, fraud prevention, disputes, refunds, tax reporting, and legal compliance. We may disclose information between a Ruunly business customer and its authorized users or End Customers as needed to provide the Service.
We may disclose information to comply with law, enforce our terms, protect rights and safety, investigate abuse or fraud, complete a business transaction such as a merger or acquisition, or with your direction or consent.
We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising unless a future product change expressly discloses that practice and provides required opt-out rights.
Third-party services
Ruunly uses the following third-party services. A complete list is on our Subprocessors page.
- Supabase — Authentication and database hosting. Supabase is SOC 2 Type II certified (their certification, not Ruunly's). Supabase Privacy Policy
- Stripe — Payment processing. Stripe is PCI DSS Level 1 certified. Card data never touches Ruunly servers — we use Stripe-hosted Checkout. Stripe Privacy Policy
- Resend — Transactional and marketing email delivery.
- Telnyx — SMS delivery for appointment reminders and billing notifications (where enabled).
- Cloudflare — CDN, DDoS protection, file storage (R2), and Turnstile (bot and spam prevention on public forms). Data stored in US regions.
- PostHog — Product analytics. Initialized only after you accept analytics cookies via our cookie banner. PostHog does not receive data until consent is given.
- Sentry — Error monitoring and crash reporting. Receives anonymized error context (stack traces, browser metadata) to help us diagnose application issues.
- Inngest — Background job orchestration for billing, messaging, and workflow automation. Processes event payloads on Ruunly's behalf.
State Privacy Rights
Depending on your state of residence and how you interact with Ruunly, you may have rights to request access, correction, deletion, portability, restriction, limitation of sensitive personal information, and opt-out of sale, sharing, targeted advertising, or certain profiling. California residents also have the right not to be discriminated against for exercising CCPA rights.
To make a request, email [email protected]. If your request concerns a Ruunly business customer's records about you, we may direct you to that business or forward your request to that business. We may verify your identity before fulfilling a request. You may use an authorized agent where permitted by law, but we may require proof of authorization and identity verification.
We respond to verifiable consumer requests within 45 days where CCPA applies, unless we notify you that more time is needed. If your state provides an appeal right and we deny your request, you may appeal by replying to our decision email with “Privacy Appeal” in the subject line.
Ruunly will honor legally required opt-out preference signals, including Global Privacy Control, if Ruunly engages in a practice that requires recognition of those signals. At launch, Ruunly does not sell personal information or share it for cross-context behavioral advertising.
Retention
We keep personal information only as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law.
| Data type | Typical retention |
|---|---|
| Account and tenant profile data | While the account is active, then for a limited recovery period after cancellation |
| Trial account data | Through the trial and post-trial recovery period described in the product, then deletion or deactivation |
| End Customer operational records | As configured by the business customer, subject to legal, financial, backup, and abuse-prevention needs |
| Invoices, payment, refund, dispute, and tax records | Generally up to 7 years or longer if required for tax, accounting, dispute, or legal obligations |
| Consent records, unsubscribe records, and suppression lists | As long as needed to prove consent or honor opt-out obligations |
| Security logs and audit logs | As long as needed for security, fraud prevention, compliance, and investigation |
| Backups | Deleted on a rolling schedule, unless retained for security, legal, or disaster recovery needs |
Children
Ruunly is not directed to children under 13 and does not knowingly collect personal information from children under 13. Business customers may not use Ruunly to knowingly collect children's personal information without legally required parental consent and Ruunly's written approval.
AI Features
Ruunly may use automated tools to generate or suggest website copy, service descriptions, marketing text, and related content. We may process the business information and prompts you provide to deliver those features. Do not enter sensitive personal information, protected health information, government IDs, payment credentials, or confidential third-party information into AI prompts unless Ruunly expressly approves that use in writing.
Cookies
We use essential cookies for authentication (session tokens) and security (CSRF protection), and — with your consent via our cookie banner — analytics cookiesfor product analytics and error diagnostics. You can reject analytics cookies in the banner or clear them at any time; essential cookies cannot be rejected without breaking core functionality. We do not use advertising cookies at launch. For a full list of third-party services we use, see our Cookie Policy and Subprocessors.
Contact
Privacy questions: [email protected]