GDPR Compliance

Effective date: 1 July 2020

Runn has undertaken steps to meet GDPR requirements including

  1. Not sharing any personal information with third parties for purely analytics or advertising purposes (Data Privacy)
  2. Allowing users and organisations to delete themselves and their data from our systems (Right to be Forgotten)
  3. Automated removal of users and organisations after 180 days of inactivity (Right to be Forgotten)
  4. Automated deletion of any data that is no longer deemed required (Right to be Forgotten)
  5. Appointing a Privacy Officer (privacy@runn.io) to oversee privacy matters
  6. The ability to export the data you have provided to us via our API (Data Portability)
  7. Users can confirm exactly what information we hold on them, by contacting us or checking the "Third Party Services" below (Right of Access)
  8. Our data is always transmitted securely over HTTPS, passwords are kept encrypted and database and software is regularly checked for any potential security issues. Read more at www.runn.io/security

Things you should know

  1. Runn keeps backup and logs for up to 6 months before they are automatically deleted. When you delete your account, some information continues to be stored in backups.
  2. If you have made a payment to Runn, we are required by tax law to keep this payment information and personal details for 7 years.
  3. Some personal information is held by third party providers to allow Runn to provide its service. A list of all of our 3rd party providers can be found below.
  4. We have confirmed that our 3rd party providers that host personal data outside the US comply with GDPR requirements and EU data production laws.
  5. Runn has not yet been audited for GDPR compliance by an independent third party. However, we will be engaging a specialist to do this.

How can I remove all account data from your systems?

You can remove the vast majority of information records from your systems from the account settings page. Use the "Delete Account" functionality and we will automatically delete the data we keep about you and your account.

There may still be residual information such as errors logs, emails, calendar invites, data backups etc that record some personal information about you (primarily email address, name and any content sent via email). If you also require this information to be deleted, please contact our privacy officer (privacy@runn.io).

How can I remove my information if I am a user or employee?

You may delete your user account from the "My Settings" page. However, your information may still be kept on our systems by the person who owns the Runn account. You will need to ask them directly to remove information they have kept about you (such as your name, email, timesheets, etc).

Third Party Service Providers

  • Heroku
    The primary hosting service for Runn, and Runn’s database
    All information entered into Runn is hosted on these service. Deleted on account deleted. Backups deleted within 90 days.
  • Redis Labs
    Temporary data store to speed up Runn’s service
    Contains user email addresses. Automatically deleted within 7 days.
  • Intercom
    Used to provide customer support
    Contains names and email addresses. Deleted on account deletion.
  • Rollbar / Logentries
    Error reporting and monitoring
    Contains email addresses of user who have triggered an error alert. Automatically deleted within 90 days
  • Slack
    Used by Runn for internal communications.
    May contain logs of names and email addresses. Most automatically deleted within 30 days.
  • Calendly / Zoom
    Used to book demos and meetings
    May contain email and name, if you have booked a demo or a meeting with the Runn team. Deleted upon request.
  • Google Service (Gmail, Google Docs)
    Used for internal communications and documentation
    May contain email address and other personal information, if you have contacted Runn. Deleted upon request.
  • Chargebee
    Used for payment processing and invoicing
    Contains personal information, including names and address, and credit card details. Kept to meet legal requirements.
  • Segment / Sherlock / Hubspot / ProfitWell
    Used to provide insights into how active an account is, if you are a paying customer and how much you are paying, the number of users and projects your account has and helps us target proactive support to the correct accounts and users
    Contains personal information, including names and email addresses. Deleted on account deletion.
  • FullStory / Google Analytics
    Used to provide support and usage statistics on users.
    Does not contain personal information, but aggregated and anonymized statistical and analytical data from your account used to improve out services. FullStory deleted within 60 days. Google Analytics deleted on request.

What if I need more information, or have a special request?

Please read our privacy policy or contact our Privacy Officer (privacy@runn.io) if you have any questions, or special requests.

Smart resource and capacity planning