Effective date: 1 July 2020
Runn has undertaken steps to meet GDPR requirements including
- Not sharing any personal information with third parties for purely analytics purposes (Data Privacy)
- Allowing users and organisations to delete themselves and their data from our systems (Right to be Forgotten)
- Automated removal of users and organisations after 180 days of inactivity (Right to be Forgotten)
- Automated deletion of any data that is no longer deemed required (Right to be Forgotten)
- Appointing a Privacy Officer (email@example.com) to oversee privacy matters
- The ability to export the data you have provided to us via our API (Data Portability)
- Users can confirm exactly what information we hold on them, by contacting us or checking the "Third Party Services" below (Right of Access)
- Our data is always transmitted securely over HTTPS, passwords are kept encrypted and database and software is regularly checked for any potential security issues. Read more at www.runn.io/security
Things you should know
- Runn keeps backup and logs for up to 6 months before they are automatically deleted. When you delete your account, some information continues to be stored in backups.
- If you have made a payment to Runn, we are required by tax law to keep this payment information and personal details for 7 years.
- Some personal information is held by third party providers to allow Runn to provide its service. A list of all of our 3rd party providers can be found below.
- We have confirmed that our 3rd party providers that host personal data outside the US comply with GDPR requirements and EU data production laws.
- Runn has not yet been audited for GDPR compliance by an independent third party. However, we will be engaging a specialist to do this.
How can I remove all account data from your systems?
You can remove the vast majority of information records from your systems from the account settings page. Use the "Delete Account" functionality and we will automatically delete the data we keep about you and your account.
There may still be residual information such as errors logs, emails, calendar invites, data backups etc that record some personal information about you (primarily email address, name and any content sent via email). If you also require this information to be deleted, please contact our privacy officer (firstname.lastname@example.org).
How can I remove my information if I am a user or employee?
You may delete your user account from the "My Settings" page. However, your information may still be kept on our systems by the person who owns the Runn account. You will need to ask them directly to remove information they have kept about you (such as your name, email, timesheets, etc).
Third Party Service Providers
The primary hosting service for Runn, and Runn’s database
All information entered into Runn is hosted on these service. Deleted on account deleted. Backups deleted within 90 days.
- Redis Labs
Temporary data store to speed up Runn’s service
Contains user email addresses. Automatically deleted within 48 hours.
Used to provide customer support
Contains names and email addresses. Deleted on account deletion.
- Rollbar / Logentries
Error reporting and monitoring
Contains email addresses of user who have triggered an error alert. Automatically deleted within 90 days
Used by Runn for internal communications.
May contain logs of names and email addresses. Most automatically deleted within 14 days.
- Calendly / Zoom
Used to book demos and meetings
May contain email and name, if you have booked a demo or a meeting with the Runn team. Deleted upon request.
- Google Service (Gmail, Google Docs)
Used for internal communications and documentation
May contain email address and other personal information, if you have contacted Runn. Deleted upon request.
Used for payment processing and invoicing
Contains personal information, including names and address, and credit card details. Kept for legal reasons.
- Segment / Sherlock / Hubspot / ProfitWell
Used to provide insights into how active an account is, if you are a paying customer and how much you are paying, the number of users and projects your account has and helps us target proactive support to the correct accounts and users
Contains personal information, including names and email addresses. Deleted on account deletion.
- FullStory / Google Analytics
Used to provide support and usage statistics on users.
Does not contain personal information, but aggregated and anonymized statistical and analytical data from your account used to improve out services. FullStory deleted within 14 days. Google Analytics deleted on request.
What if I need more information, or have a special request?