Legal

RunAI Privacy Policy

Last Updated:
Effective Date:

This Privacy Policy explains how RUN CEO INC (“Run,” “we,” “us,” or “our”) collects, uses, discloses, transfers, stores, and otherwise processes personal data when you access or use our websites, applications, software, APIs, AI agents, workflows, digital products, integrations, support channels, communications, and related services (collectively, the “Services”).

This Privacy Policy is intended to be clear and transparent about our data practices. It also describes certain rights you may have under applicable privacy and data protection laws.

1. Who We Are

RUN CEO INC is the company responsible for the processing of personal data described in this Privacy Policy unless otherwise stated.

Contact details

RUN CEO INC
8 The Green #25569
Dover, DE 19901
Email: privacy@runceo.net

If you have privacy questions or would like to exercise your rights, you may contact us at privacy@runceo.net.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data we process about:

  • website visitors;
  • prospective customers;
  • account holders;
  • users who interact with our AI tools, chat interfaces, or workflows;
  • purchasers of subscriptions, digital products, or services;
  • business users and workspace members;
  • individuals who communicate with us for support, sales, security, or other inquiries; and
  • end users, customers, employees, contractors, prospects, or other individuals whose personal data is submitted to the Services by our business customers.

If you use the Services on behalf of a business or other organization, your organization may separately control certain personal data submitted to the Services. In those cases, we may process data on that organization’s behalf as a processor, service provider, or similar role under applicable law.

3. Personal Data We Collect

We may collect the following categories of personal data.

3.1 Account and Contact Information

This may include:

  • name;
  • email address;
  • phone number;
  • company name;
  • job title;
  • account login details and credentials;
  • billing contact details; and
  • communication preferences.

3.2 Payment and Transaction Information

This may include:

  • subscription status and plan details;
  • purchase history;
  • invoices;
  • billing status;
  • tax-related information;
  • payment confirmations; and
  • transaction metadata.

We generally do not store full payment card numbers. Payments are typically processed by third-party payment processors.

3.3 AI Conversation Data and User Content

This may include:

  • prompts;
  • chat messages;
  • instructions;
  • files and attachments;
  • generated outputs;
  • workflow definitions;
  • product, store, or business data you submit;
  • ratings, corrections, or feedback;
  • logs relating to agent or tool activity; and
  • related contextual data needed to provide the Services.

3.4 Business, Workspace, and Integration Data

If you connect third-party services or use business features, we may process data such as:

  • store and product data;
  • support tickets;
  • orders and checkout events;
  • marketing campaign data;
  • CRM records;
  • analytics data;
  • customer messages;
  • API metadata;
  • integration settings;
  • permissions; and
  • configuration data.

3.5 Usage, Device, and Technical Data

This may include:

  • IP address;
  • approximate location derived from IP address or similar network-based signals;
  • browser type;
  • device identifiers;
  • operating system;
  • app and browser settings;
  • referring URLs;
  • pages or screens viewed;
  • session data;
  • clickstream data;
  • logs;
  • crash and error reports;
  • diagnostics;
  • performance data; and
  • security event information.

3.6 Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, tags, and similar technologies to collect information for authentication, analytics, security, functionality, personalization, and marketing, subject to applicable law.

3.7 Communications and Support Data

If you contact us or communicate with us, we may collect:

  • emails and attachments;
  • support tickets;
  • chat records;
  • call notes;
  • feedback;
  • complaint details;
  • survey responses; and
  • records of communications and requests.

3.8 Sensitive or Restricted Data

We do not intend for users to submit sensitive, regulated, or restricted data unless expressly permitted by us and authorized by law. This may include, depending on applicable law, sensitive personal information, special categories of personal data, health information, children’s data, biometric data, government identifiers, or payment card data outside approved payment workflows.

If you choose to submit such data, you represent that you are authorized to do so and that the submission is necessary and lawful.

4. Sources of Personal Data

We collect personal data from the following sources:

  • Directly from you, such as when you create an account, make a purchase, submit content, contact us, or use the Services.
  • From your organization or workspace administrator, such as when they create or manage an account for you.
  • From third-party integrations and connected services, according to your settings, permissions, and instructions.
  • From payment processors and service providers, such as confirmation of payment status or fraud-prevention information.
  • Automatically from your devices and browsers, including through logs, cookies, SDKs, and analytics tools.
  • From business customers, where a customer submits or syncs personal data about its own users, customers, leads, employees, contractors, or other contacts.
  • From publicly available sources or security providers, where reasonably necessary for security, fraud prevention, or business verification.

5. How We Use Personal Data

We may use personal data for the following purposes:

  • to provide, operate, maintain, and support the Services;
  • to create, administer, and secure accounts and workspaces;
  • to authenticate users and manage permissions;
  • to process subscriptions, purchases, billing, invoices, refunds, and related records;
  • to provide AI-generated responses, outputs, workflows, and related functionality;
  • to operate automations, integrations, and connected tools at your direction;
  • to personalize user experience and product functionality;
  • to communicate with you about transactions, updates, support, service changes, and security matters;
  • to respond to inquiries, complaints, support requests, and rights requests;
  • to monitor performance, troubleshoot issues, fix bugs, and improve reliability;
  • to protect the Services, users, and third parties from fraud, abuse, security incidents, and misuse;
  • to enforce our Terms, policies, and contractual rights;
  • to comply with legal, regulatory, tax, accounting, and compliance obligations;
  • to send marketing communications where permitted by law;
  • to measure marketing effectiveness and product usage;
  • to develop, improve, and test features, subject to this Privacy Policy and applicable law;
  • to provide, support, improve, and personalize AI responses and related functionality using approximate location information where relevant to your interaction with the Services; and
  • to create aggregated or de-identified insights, analytics, and service improvements where permitted by law.

6. AI Processing and Model Providers

Run uses AI systems, automation tools, retrieval systems, and third-party AI model or infrastructure providers to provide the Services.

When you use AI features, we may process prompts, instructions, messages, files, outputs, and related context to:

  • generate responses and outputs;
  • execute workflows and AI-assisted actions;
  • improve functionality, safety, and reliability;
  • detect misuse and abuse;
  • troubleshoot issues and provide support; and
  • evaluate and monitor system quality and performance.

Unless otherwise stated in a separate written agreement:

  • we may use aggregated, anonymized, or de-identified information to improve the Services;
  • we may use logs, telemetry, diagnostics, evaluation data, and safety signals to improve quality, security, and reliability;
  • we will not use your confidential business data or your customers’ personal data to train a public-facing foundation model in a manner intended to identify you, except as disclosed to you or where required or permitted by applicable law; and
  • third-party AI providers and infrastructure providers may process data on our behalf to enable AI functionality.

You should not submit personal data, confidential information, or regulated data to the Services unless you have authority to do so and it is necessary for your use of the Services.

7. Legal Bases for Processing

Where required by applicable law, including in the European Economic Area (“EEA”), United Kingdom, and similar jurisdictions, we process personal data on one or more of the following legal bases:

  • Performance of a contract, such as providing the Services, processing transactions, and managing accounts.
  • Legitimate interests, such as operating and improving the Services, maintaining security, preventing fraud, administering business relationships, responding to inquiries, and enforcing our Terms.
  • Consent, such as where required for certain marketing communications, non-essential cookies, or particular processing activities.
  • Legal obligation, such as complying with applicable laws, regulations, legal process, tax obligations, or recordkeeping requirements.
  • Protection of vital interests, where relevant to protect individuals or the Services from harm.
  • Other lawful bases permitted under applicable law.

Where we rely on legitimate interests, those interests generally include running, securing, improving, defending, and supporting our business and Services in a proportionate manner.

8. How We Disclose Personal Data

We may disclose personal data to the following categories of recipients.

We do not disclose approximate location information to third parties for their own purposes.

8.1 Service Providers and Contractors

We may disclose personal data to vendors and service providers that help us operate the Services, such as providers of:

  • cloud hosting and infrastructure;
  • AI and model services;
  • payment processing;
  • analytics;
  • customer support systems;
  • email and messaging delivery;
  • communications tools;
  • logging and monitoring;
  • security and fraud prevention;
  • database and storage systems; and
  • business operations support.

These parties may process personal data on our behalf subject to contractual and operational restrictions.

8.2 Third-Party Integrations You Use

If you connect third-party services or authorize integrations, we may exchange personal data with those services based on your instructions, permissions, and settings.

8.3 Workspace Owners, Administrators, and Business Customers

If you use the Services under a team, enterprise, or business account, account owners, administrators, or authorized personnel may access workspace-related data, usage records, logs, content, and account details associated with that workspace.

8.4 Legal, Compliance, and Safety Disclosures

We may disclose personal data where we believe disclosure is necessary to:

  • comply with law, regulation, subpoena, court order, or lawful governmental request;
  • enforce our Terms or other agreements;
  • investigate or address fraud, abuse, or security incidents;
  • protect the rights, property, safety, or security of Run, users, customers, or others; or
  • establish, exercise, or defend legal claims.

8.5 Corporate Transactions

We may disclose or transfer personal data in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, subject to applicable confidentiality and legal requirements.

8.6 Aggregated or De-Identified Information

We may disclose aggregated, anonymized, or de-identified information that does not reasonably identify an individual.

9. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

  • keep users signed in;
  • remember settings and preferences;
  • provide core site and product functionality;
  • understand usage patterns;
  • measure performance;
  • maintain security;
  • detect fraud or abuse;
  • personalize content or functionality; and
  • support marketing and analytics.

Where required by law, we will request consent before using non-essential cookies or similar technologies.

Depending on your location and how you access the Services, you may be able to manage cookie preferences through:

  • our cookie banner or preference tool, where available;
  • your browser settings; and
  • device-level privacy controls.

Disabling certain cookies may affect product functionality.

9.1 Google Sign-In and Google User Data

If you authorize Run to access Google user data, including through Google Sign-In or other Google APIs, Run will use that data only to provide and improve the user-facing features you authorize. We do not sell Google user data or use Google user data for advertising purposes unless permitted by Google’s policies and applicable law.

You may revoke Google access through your Google account settings or other available controls.

10. Marketing Communications

We may send promotional or marketing communications where permitted by applicable law.

You can opt out of marketing emails by:

  • clicking the unsubscribe link in the message; or
  • contacting us at privacy@runceo.net.

Even if you opt out of marketing, we may still send you non-marketing communications relating to your account, billing, support, security, transactions, product changes, or other administrative matters.

11. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, comply with legal obligations, resolve disputes, enforce our agreements, and protect against fraud and security risks.

Retention periods vary depending on the type of data and the context in which it was collected. For example:

  • account information may be retained while the account is active and for a reasonable period afterward;
  • billing, tax, and transaction records may be retained as required by law or standard accounting practice;
  • support communications and complaint records may be retained as needed to address issues and maintain business records;
  • technical logs, diagnostics, and security event records may be retained for security, fraud prevention, and system integrity;
  • AI conversation history and uploaded content may be retained according to workspace settings, account status, product design, backup cycles, legal obligations, and customer instructions, where applicable; and
  • opt-out and suppression records may be retained so we can honor future marketing preferences.

When personal data is no longer reasonably necessary, we will delete, de-identify, anonymize, or otherwise retain it only as required or permitted by law.

12. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure.

However, no system is completely secure, and we cannot guarantee absolute security.

You are responsible for protecting credentials, managing permissions, using appropriate security settings, and safeguarding any devices or integrations you use with the Services.

13. International Data Transfers

We may process and store personal data in countries other than the country where you live or where your organization is located.

Where required by applicable law, we implement appropriate safeguards for cross-border transfers, which may include:

  • contractual protections;
  • the European Commission’s Standard Contractual Clauses;
  • equivalent transfer agreements;
  • internal safeguards; or
  • other lawful transfer mechanisms.

By using the Services or submitting personal data to us, you acknowledge that your personal data may be transferred to and processed in other jurisdictions, subject to applicable legal protections.

14. Business Customer Data and Role of the Parties

If a business customer submits personal data to the Services relating to that customer’s own customers, prospects, employees, contractors, or users, the business customer is responsible for:

  • providing required notices;
  • obtaining required consents where necessary;
  • establishing an appropriate legal basis for processing; and
  • ensuring that the submission and use of the data are lawful.

In those cases, Run may act as a processor, service provider, or similar role on behalf of the business customer, while the business customer may act as the controller, business, or equivalent role under applicable law.

A separate data processing agreement or enterprise agreement may apply.

15. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

  • know whether we process your personal data;
  • access personal data we hold about you;
  • request correction of inaccurate personal data;
  • request deletion of personal data;
  • request a copy of certain personal data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of certain marketing communications;
  • opt out of certain targeted advertising, profiling, sale, or sharing where those rights apply;
  • limit certain uses of sensitive personal information where those rights apply; and
  • lodge a complaint with a regulator or supervisory authority.

You may also be able to limit or disable location access through your device or app settings, although some features may not function as intended without it.

To exercise your rights, contact us at privacy@runceo.net.

We may need to verify your identity before processing a request. We may also deny or limit requests where permitted by law, such as where an exemption applies, where we cannot verify identity, or where granting the request would adversely affect the rights of others or our legal obligations.

If you are an authorized agent acting for another individual, we may require proof of your authority and verification of the individual’s identity as permitted by law.

We will not unlawfully discriminate against you for exercising applicable privacy rights.

16. California Privacy Notice

This Section applies to California residents to the extent the California Consumer Privacy Act, as amended, applies to our processing. California law requires businesses to provide a privacy policy and a notice at or before collection that describes categories of personal information collected, purposes of use, categories of recipients, and available rights. California consumers also have rights to know, delete, correct, and opt out in certain circumstances.

16.1 Categories of Personal Information Collected

In the preceding 12 months, we may have collected the categories of personal information described in Section 3 above, including identifiers, commercial information, internet or network activity information, professional or employment-related information, account information, communications, and other information you submit through the Services.

16.2 Sources of Personal Information

We collect personal information from the sources described in Section 4 above.

16.3 Purposes for Collection, Use, and Disclosure

We collect, use, retain, and disclose personal information for the purposes described in Sections 5 through 14 above.

16.4 Categories of Recipients

We may disclose personal information to the categories of recipients described in Section 8 above.

16.5 Sale, Sharing, and Sensitive Personal Information

We do not sell personal information for money.

We do not use or disclose sensitive personal information for purposes that would require offering a right to limit its use under California law, except as otherwise disclosed to you or permitted by law.

Whether certain analytics, advertising, or cookie-based practices constitute “sharing” under California law depends on how our Services and cookie tools are configured at a given time. If we engage in activities that trigger an applicable opt-out right, we will provide the required method to exercise that right.

16.6 California Privacy Rights

Subject to applicable exceptions and verification, California residents may have the right to:

  • know/access personal information we have collected, used, disclosed, sold, or shared about them, including the right to know the categories and specific pieces of personal information, where applicable;
  • request deletion of personal information;
  • request correction of inaccurate personal information;
  • opt out of sale or sharing, where applicable;
  • limit certain uses of sensitive personal information, where applicable; and
  • not be unlawfully discriminated against for exercising these rights.

To submit a California privacy request, contact privacy@runceo.net.

17. EEA, UK, and Similar Jurisdictions

If you are located in the EEA, UK, or a similar jurisdiction, you may have rights under applicable data protection law, including the rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority. Organizations must provide individuals with clear information about who is collecting their data, why it is collected, applicable rights, transfers, and complaint rights.

Where required:

  • we identify the legal bases for processing in Section 7;
  • we describe international transfer safeguards in Section 13; and
  • where we process data on behalf of business customers, additional contractual data-processing terms may apply.

If you believe our processing violates applicable law, you may lodge a complaint with your local supervisory authority.

18. Australia Privacy Notice

If the Australian Privacy Act 1988 and the Australian Privacy Principles apply, this policy is intended to explain what personal information we collect, how we collect and hold it, the purposes for which we use and disclose it, how you may access and correct it, how to complain, and how overseas disclosures may occur. APP 1 requires an up-to-date privacy policy that explains, among other things, access/correction, complaints, and likely overseas disclosures. APP 8 addresses cross-border disclosure issues.

18.1 Access and Correction

You may request access to or correction of personal information we hold about you by contacting privacy@runceo.net. We may need to verify your identity and may decline requests where permitted by law.

18.2 Complaints

If you believe we have breached applicable Australian privacy law, you may submit a complaint to privacy@runceo.net with sufficient detail for us to investigate.

We will review complaints in a reasonable timeframe and respond as appropriate. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

18.3 Overseas Disclosure

We may disclose or make personal information available overseas as described in Sections 8 and 13, including where we use service providers, infrastructure providers, or subprocessors located outside Australia.

19. South Korea Privacy Notice

If South Korean personal information law applies, including the Personal Information Protection Act (“PIPA”), you may have rights to access, correct, delete, suspend processing of, or withdraw consent relating to your personal information, subject to applicable law. PIPC has emphasized transparency, especially for overseas transfers, including information about the recipient, country of transfer, purpose, and retention/use period where applicable.

19.1 Overseas Transfers

Where required by applicable South Korean law, we will provide or make available additional information about overseas transfers, which may include:

  • the name of the recipient;
  • recipient contact information;
  • country of transfer;
  • date and method of transfer;
  • categories of personal information transferred;
  • purpose of transfer; and
  • retention or use period by the recipient.

19.2 Rights

To exercise rights under applicable Korean law, contact privacy@runceo.net. We may request information necessary to verify your identity and authority.

19.3 Deletion and Account Closure

You may request deletion of your account or personal information by contacting us or, where available, using in-product account controls. Some information may be retained where required by law or reasonably necessary for security, recordkeeping, dispute resolution, or fraud prevention.

20. Children’s Privacy

The Services are not intended for children under 13, or under any higher minimum age required by applicable law.

We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, contact us at privacy@runceo.net and we will take appropriate steps.

21. Third-Party Links and Services

The Services may contain links to third-party websites, applications, platforms, or services. We are not responsible for the privacy, security, or content practices of third parties. Their practices are governed by their own privacy notices, terms, and policies.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may provide notice through the Services, by email, or by other appropriate means. The updated Privacy Policy becomes effective as of the date shown above.

23. Contact Information

For questions about this Privacy Policy or our privacy practices, contact:

RUN CEO INC
8 The Green #25569
Dover, DE 19901
Email: privacy@runceo.net

24. Data Protection Contact

For privacy inquiries, rights requests, and complaints, contact:

privacy@runceo.net

© 2026 RUN CEO INC. All rights reserved.
Terms of Service RunAI Home