RunAI ← Back to RunAI
Legal

RunAI Privacy Policy

Last Updated: [Insert Date]
Effective Date: [Insert Date]

This Privacy Policy explains how RUN CEO INC (“Run,” “we,” “us,” or “our”) collects, uses, discloses, transfers, stores, and otherwise processes personal data when you access or use our websites, applications, software, APIs, AI agents, workflows, digital products, integrations, support channels, communications, and related services (collectively, the “Services”).

This Privacy Policy is intended to be clear and transparent about our data practices. It also describes certain rights you may have under applicable privacy and data protection laws.

1. Who We Are

RUN CEO INC is the company responsible for the processing of personal data described in this Privacy Policy unless otherwise stated.

Contact details

RUN CEO INC
8 The Green #25569
Dover, DE 19901
Email: privacy@runceo.net

If you have privacy questions or would like to exercise your rights, you may contact us at privacy@runceo.net.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data we process about:

  • website visitors;
  • prospective customers;
  • account holders;
  • users who interact with our AI tools, chat interfaces, or workflows;
  • purchasers of subscriptions, digital products, or services;
  • business users and workspace members;
  • individuals who communicate with us for support, sales, security, or other inquiries; and
  • end users, customers, employees, contractors, prospects, or other individuals whose personal data is submitted to the Services by our business customers.

If you use the Services on behalf of a business or other organization, your organization may separately control certain personal data submitted to the Services. In those cases, we may process data on that organization’s behalf as a processor, service provider, or similar role under applicable law.

3. Personal Data We Collect

We may collect the following categories of personal data.

3.1 Account and Contact Information

This may include:

  • name;
  • email address;
  • phone number;
  • company name;
  • job title;
  • account login details and credentials;
  • billing contact details; and
  • communication preferences.

3.2 Payment and Transaction Information

This may include:

  • subscription status and plan details;
  • purchase history;
  • invoices;
  • billing status;
  • tax-related information;
  • payment confirmations; and
  • transaction metadata.

We generally do not store full payment card numbers. Payments are typically processed by third-party payment processors.

3.3 AI Conversation Data and User Content

This may include:

  • prompts;
  • chat messages;
  • instructions;
  • files and attachments;
  • generated outputs;
  • workflow definitions;
  • product, store, or business data you submit;
  • ratings, corrections, or feedback;
  • logs relating to agent or tool activity; and
  • related contextual data needed to provide the Services.

3.4 Business, Workspace, and Integration Data

If you connect third-party services or use business features, we may process data such as:

  • store and product data;
  • support tickets;
  • orders and checkout events;
  • marketing campaign data;
  • CRM records;
  • analytics data;
  • customer messages;
  • API metadata;
  • integration settings;
  • permissions; and
  • configuration data.

3.5 Usage, Device, and Technical Data

This may include:

  • IP address;
  • browser type;
  • device identifiers;
  • operating system;
  • app and browser settings;
  • referring URLs;
  • pages or screens viewed;
  • session data;
  • clickstream data;
  • logs;
  • crash and error reports;
  • diagnostics;
  • performance data; and
  • security event information.

3.6 Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, tags, and similar technologies to collect information for authentication, analytics, security, functionality, personalization, attribution, and marketing, subject to applicable law.

3.7 Communications and Support Data

If you contact us or communicate with us, we may collect:

  • emails and attachments;
  • support tickets;
  • chat records;
  • call notes;
  • feedback;
  • complaint details;
  • survey responses; and
  • records of communications and requests.

3.8 Sensitive or Restricted Data

We do not intend for users to submit sensitive, regulated, or restricted data unless the relevant feature is expressly enabled for that purpose by Run, the processing is covered by a separate written agreement, or Run has otherwise approved it in writing. This may include, depending on applicable law, sensitive personal information, special categories of personal data, health information, children’s data, biometric data, government identifiers, or payment card data outside approved payment workflows.

If you submit such data, you represent and warrant that you are authorized to do so, that the submission is necessary and lawful, and that all required notices, consents, and legal bases have been obtained.

4. Sources of Personal Data

We collect personal data from the following sources:

  • directly from you, such as when you create an account, make a purchase, submit content, contact us, or use the Services;
  • from your organization or workspace administrator, such as when they create or manage an account for you;
  • from third-party integrations and connected services, according to your settings, permissions, and instructions;
  • from payment processors and service providers, such as confirmation of payment status or fraud-prevention information;
  • automatically from your devices and browsers, including through logs, cookies, SDKs, and analytics tools;
  • from business customers, where a customer submits or syncs personal data about its own users, customers, leads, employees, contractors, or other contacts; and
  • from publicly available sources or security providers, where reasonably necessary for security, fraud prevention, or business verification.

5. How We Use Personal Data

We may use personal data for the following purposes:

  • to provide, operate, maintain, and support the Services;
  • to create, administer, and secure accounts and workspaces;
  • to authenticate users and manage permissions;
  • to process subscriptions, purchases, billing, invoices, refunds, and related records;
  • to provide AI-generated responses, outputs, workflows, and related functionality;
  • to operate automations, integrations, and connected tools at your direction;
  • to personalize user experience and product functionality;
  • to communicate with you about transactions, updates, support, service changes, and security matters;
  • to respond to inquiries, complaints, support requests, and rights requests;
  • to monitor performance, troubleshoot issues, fix bugs, and improve reliability;
  • to protect the Services, users, and third parties from fraud, abuse, security incidents, and misuse;
  • to enforce our Terms, policies, and contractual rights;
  • to comply with legal, regulatory, tax, accounting, and compliance obligations;
  • to send marketing communications where permitted by law;
  • to measure marketing effectiveness and product usage;
  • to develop, improve, and test features, subject to this Privacy Policy and applicable law; and
  • to create aggregated or de-identified insights, analytics, and service improvements where permitted by law.

6. AI Processing and Model Providers

Run uses AI systems, automation tools, retrieval systems, and third-party AI model or infrastructure providers to provide the Services.

When you use AI features, we may process prompts, instructions, messages, files, outputs, and related context to:

  • generate responses and outputs;
  • execute workflows and AI-assisted actions;
  • troubleshoot issues and provide support;
  • evaluate and monitor system quality and performance;
  • detect misuse and abuse; and
  • improve functionality, safety, and reliability.

Unless otherwise stated in a separate written agreement:

  • we may use usage data, telemetry, logs, diagnostics, safety signals, evaluation results, and aggregated, anonymized, or de-identified information to operate, secure, test, support, and improve the Services;
  • we may internally use prompts, instructions, AI outputs, workflow results, and related context to troubleshoot, evaluate, test, and improve quality, reliability, and safety;
  • we do not use Customer Content, Confidential Information, or personal data submitted on behalf of business customers to train third-party or public foundation models unless the customer has expressly opted in, entered into a separate written agreement, or such use is clearly disclosed and permitted by applicable law; and
  • third-party AI providers, hosting providers, and infrastructure providers may process data on our behalf to enable AI functionality.

You should not submit personal data, confidential information, or regulated data to the Services unless you have authority to do so and it is necessary for your use of the Services.

7. Legal Bases for Processing

Where required by applicable law, including in the European Economic Area (“EEA”), United Kingdom, and similar jurisdictions, we process personal data on one or more of the following legal bases:

  • Performance of a contract, such as providing the Services, processing transactions, and managing accounts.
  • Legitimate interests, such as operating and improving the Services, maintaining security, preventing fraud, administering business relationships, responding to inquiries, and enforcing our Terms.
  • Consent, such as where required for certain marketing communications, non-essential cookies, or particular processing activities.
  • Legal obligation, such as complying with applicable laws, regulations, legal process, tax obligations, or recordkeeping requirements.
  • Protection of vital interests, where relevant to protect individuals or the Services from harm.
  • Other lawful bases permitted under applicable law.

Where we rely on legitimate interests, those interests generally include running, securing, improving, defending, and supporting our business and Services in a proportionate manner.

8. How We Disclose Personal Data

We may disclose personal data to the following categories of recipients.

8.1 Service Providers and Contractors

We may disclose personal data to vendors and service providers that help us operate the Services, such as providers of:

  • cloud hosting and infrastructure;
  • AI and model services;
  • payment processing;
  • analytics;
  • customer support systems;
  • email and messaging delivery;
  • communications tools;
  • logging and monitoring;
  • security and fraud prevention;
  • database and storage systems; and
  • business operations support.

These parties may process personal data on our behalf subject to contractual and operational restrictions.

8.1A Subprocessors

We may use subprocessors and service providers to provide the Services. A current list of subprocessors may be made available at [insert subprocessor URL]. Such providers may include AI/model providers, hosting and infrastructure providers, payment processors, analytics providers, customer support systems, authentication providers, communications providers, logging and monitoring vendors, security vendors, and fraud-prevention vendors.

8.2 Third-Party Integrations You Use

If you connect third-party services or authorize integrations, we may exchange personal data with those services based on your instructions, permissions, and settings.

8.3 Workspace Owners, Administrators, and Business Customers

If you use the Services under a team, enterprise, or business account, account owners, administrators, or authorized personnel may access workspace-related data, usage records, logs, content, and account details associated with that workspace.

8.4 Legal, Compliance, and Safety Disclosures

We may disclose personal data where we believe disclosure is necessary to:

  • comply with law, regulation, subpoena, court order, or lawful governmental request;
  • enforce our Terms or other agreements;
  • investigate or address fraud, abuse, or security incidents;
  • protect the rights, property, safety, or security of Run, users, customers, or others; or
  • establish, exercise, or defend legal claims.

8.5 Corporate Transactions

We may disclose or transfer personal data in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, subject to applicable confidentiality and legal requirements.

8.6 Aggregated or De-Identified Information

We may disclose aggregated, anonymized, or de-identified information that does not reasonably identify an individual.

9. Cookies and Tracking Technologies

We may use cookies, pixels, local storage, SDKs, tags, and similar technologies for authentication, analytics, security, functionality, personalization, attribution, and marketing.

Where required by law, we will request consent before using non-essential cookies or similar technologies, or provide opt-out rights through a cookie banner, preference tool, browser controls, device controls, or other legally required mechanisms.

Depending on your location and how you access the Services, you may be able to manage cookie preferences through:

  • our cookie banner or preference tool, where available;
  • your browser settings;
  • device-level privacy controls; and
  • any legally recognized opt-out signal or mechanism that we are required to honor.

Disabling certain cookies or tracking technologies may affect product functionality.

9.1 Google Sign-In and Google User Data

If you authorize Run to access Google user data, including through Google Sign-In or other Google APIs, Run will use that data only to provide and improve the user-facing features you authorize. We do not sell Google user data or use Google user data for advertising purposes unless permitted by Google’s policies and applicable law.

You may revoke Google access through your Google account settings or other available controls.

10. Marketing Communications

We may send promotional or marketing communications where permitted by applicable law.

You can opt out of marketing emails by:

  • clicking the unsubscribe link in the message; or
  • contacting us at privacy@runceo.net.

Even if you opt out of marketing, we may still send you non-marketing communications relating to your account, billing, support, security, transactions, product changes, or other administrative matters.

11. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, comply with legal obligations, resolve disputes, enforce our agreements, and protect against fraud and security risks.

Retention periods vary depending on the type of data and the context in which it was collected. For example:

  • account information may be retained while the account is active and for a reasonable period afterward;
  • billing, tax, and transaction records may be retained as required by law or standard accounting practice;
  • support communications and complaint records may be retained as needed to address issues and maintain business records;
  • technical logs, diagnostics, and security event records may be retained for security, fraud prevention, and system integrity;
  • AI conversation history and uploaded content may be retained according to workspace settings, account status, product design, backup cycles, legal obligations, and customer instructions, where applicable; and
  • opt-out and suppression records may be retained so we can honor future marketing preferences.

If your account or workspace is deleted, we may delete, de-identify, anonymize, or retain personal data according to account settings, customer instructions, backup cycles, legal obligations, legitimate business needs, dispute resolution requirements, fraud prevention needs, and security requirements.

When personal data is no longer reasonably necessary, we will delete, de-identify, anonymize, or otherwise retain it only as required or permitted by law.

12. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure.

However, no system is completely secure, and we cannot guarantee absolute security.

You are responsible for protecting credentials, managing permissions, using appropriate security settings, and safeguarding any devices or integrations you use with the Services.

13. International Data Transfers

We may process and store personal data in countries other than the country where you live or where your organization is located.

Where required by applicable law, we implement appropriate safeguards for cross-border transfers, which may include:

  • contractual protections;
  • the European Commission’s Standard Contractual Clauses;
  • equivalent transfer agreements;
  • internal safeguards; or
  • other lawful transfer mechanisms.

By using the Services or submitting personal data to us, you acknowledge that your personal data may be transferred to and processed in other jurisdictions, subject to applicable legal protections.

14. Business Customer Data and Role of the Parties

If a business customer submits personal data to the Services relating to that customer’s own customers, prospects, employees, contractors, or users, the business customer is responsible for:

  • providing required notices;
  • obtaining required consents where necessary;
  • establishing an appropriate legal basis for processing; and
  • ensuring that the submission and use of the data are lawful.

In those cases, Run may act as a processor, service provider, or similar role on behalf of the business customer, while the business customer may act as the controller, business, or equivalent role under applicable law.

Where Run processes personal data on behalf of a business customer, Run will process such data in accordance with the customer’s documented instructions, the applicable Data Processing Addendum, enterprise agreement, or other written agreement, where applicable.

15. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

  • know whether we process your personal data;
  • access personal data we hold about you;
  • request correction of inaccurate personal data;
  • request deletion of personal data;
  • request a copy of certain personal data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of certain marketing communications;
  • opt out of certain targeted advertising, profiling, sale, or sharing where those rights apply;
  • limit certain uses of sensitive personal information where those rights apply; and
  • lodge a complaint with a regulator or supervisory authority.

To exercise your rights, contact us at privacy@runceo.net.

We may need to verify your identity before processing a request. We may also deny or limit requests where permitted by law, such as where an exemption applies, where we cannot verify identity, or where granting the request would adversely affect the rights of others or our legal obligations.

If you are an authorized agent acting for another individual, we may require proof of your authority and verification of the individual’s identity as permitted by law.

We will not unlawfully discriminate against you for exercising applicable privacy rights.

We do not use automated decisionmaking technology to make legally or similarly significant decisions about individuals in areas such as employment, credit, housing, insurance, healthcare, legal rights, or access to essential services unless separately disclosed and permitted by applicable law.

16. California Privacy Notice

This Section applies to California residents to the extent the California Consumer Privacy Act, as amended, applies to our processing. California law may provide California consumers with rights to know, access, delete, correct, and opt out of certain processing in specific circumstances.

16.1 Categories of Personal Information Collected

In the preceding 12 months, we may have collected the categories of personal information described in Section 3 above, including identifiers, commercial information, internet or network activity information, professional or employment-related information, account information, communications, and other information you submit through the Services.

16.2 Sources of Personal Information

We collect personal information from the sources described in Section 4 above.

16.3 Purposes for Collection, Use, and Disclosure

We collect, use, retain, and disclose personal information for the purposes described in Sections 5 through 14 above.

16.4 Categories of Recipients

We may disclose personal information to the categories of recipients described in Section 8 above.

16.5 Sale, Sharing, and Sensitive Personal Information

We do not sell personal information for money.

We may allow certain analytics, attribution, advertising, or similar partners to collect limited information through cookies, SDKs, pixels, tags, or similar technologies, which may constitute “sharing” under California law depending on how the Services are configured and used.

Where applicable, we will provide the rights and methods required by California law to opt out of sale or sharing, including honoring Global Privacy Control signals where legally required.

We do not use or disclose sensitive personal information for purposes that would require offering a right to limit its use under California law, except as otherwise disclosed to you or permitted by law.

16.6 California Privacy Rights

Subject to applicable exceptions and verification, California residents may have the right to:

  • know/access personal information we have collected, used, disclosed, sold, or shared about them, including the right to know the categories and specific pieces of personal information, where applicable;
  • request deletion of personal information;
  • request correction of inaccurate personal information;
  • opt out of sale or sharing, where applicable;
  • limit certain uses of sensitive personal information, where applicable; and
  • not be unlawfully discriminated against for exercising these rights.

To submit a California privacy request, contact privacy@runceo.net.

Where required by California law, we may provide a “Do Not Sell or Share My Personal Information” link, preference center, or other legally recognized opt-out mechanism.

17. U.S. State Privacy Notice

Residents of certain U.S. states may have rights under applicable privacy laws, including rights to access, correct, delete, or obtain a portable copy of personal data, and rights to opt out of certain targeted advertising, sale, sharing, profiling, or other processing where applicable.

The availability and scope of these rights depend on your state of residence and applicable law.

To exercise rights available to you, contact privacy@runceo.net.

If applicable law requires an appeals process after we deny a request, you may contact us again at privacy@runceo.net and include “Privacy Appeal” in the subject line.

18. EEA, UK, and Similar Jurisdictions

If you are located in the EEA, UK, or a similar jurisdiction, you may have rights under applicable data protection law, including the rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.

Where required:

  • we identify the legal bases for processing in Section 7;
  • we describe international transfer safeguards in Section 13; and
  • where we process data on behalf of business customers, additional contractual data-processing terms may apply.

If you believe our processing violates applicable law, you may lodge a complaint with your local supervisory authority.

19. Australia Privacy Notice

If the Australian Privacy Act 1988 and the Australian Privacy Principles apply, this Section explains how you may request access to or correction of personal information, how to submit complaints, and how overseas disclosures may occur.

19.1 Access and Correction

You may request access to or correction of personal information we hold about you by contacting privacy@runceo.net. We may need to verify your identity and may decline requests where permitted by law.

19.2 Complaints

If you believe we have breached applicable Australian privacy law, you may submit a complaint to privacy@runceo.net with sufficient detail for us to investigate.

We will review complaints in a reasonable timeframe and respond as appropriate. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

19.3 Overseas Disclosure

We may disclose or make personal information available overseas as described in Sections 8 and 13, including where we use service providers, infrastructure providers, or subprocessors located outside Australia.

20. South Korea Privacy Notice

If South Korean personal information law applies, including the Personal Information Protection Act (“PIPA”), you may have rights to access, correct, delete, suspend processing of, or withdraw consent relating to your personal information, subject to applicable law.

20.1 Overseas Transfers

Where required by applicable South Korean law, we will provide or make available additional information about overseas transfers, which may include:

  • the name of the recipient;
  • recipient contact information;
  • country of transfer;
  • date and method of transfer;
  • categories of personal information transferred;
  • purpose of transfer; and
  • retention or use period by the recipient.

20.2 Rights

To exercise rights under applicable Korean law, contact privacy@runceo.net. We may request information necessary to verify your identity and authority.

20.3 Deletion and Account Closure

You may request deletion of your account or personal information by contacting us or, where available, using in-product account controls. Some information may be retained where required by law or reasonably necessary for security, recordkeeping, dispute resolution, or fraud prevention.

21. Children’s Privacy

The Services are not intended for children under 13, or under any higher minimum age required by applicable law.

We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, contact us at privacy@runceo.net and we will take appropriate steps.

22. Third-Party Links and Services

The Services may contain links to third-party websites, applications, platforms, or services. We are not responsible for the privacy, security, or content practices of third parties. Their practices are governed by their own privacy notices, terms, and policies.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may provide notice through the Services, by email, or by other appropriate means. The updated Privacy Policy becomes effective as of the date shown above.

24. Contact Information

For questions about this Privacy Policy or our privacy practices, contact:

RUN CEO INC
8 The Green #25569
Dover, DE 19901
Email: privacy@runceo.net

25. Data Protection Contact

For privacy inquiries, rights requests, and complaints, contact:

privacy@runceo.net

© 2026 RUN CEO INC. All rights reserved.
Terms of Service RunAI Home