GDPR Compliance

Last updated: 23 May 2022

Runn has undertaken steps to meet GDPR requirements including

  1. Not sharing any personal information with third parties for purely analytics or advertising purposes (Data Privacy)
  2. Allowing users and organisations to delete themselves and their data from our systems (Right to be Forgotten)
  3. Automated deletion of any data that is no longer deemed required (Right to be Forgotten)
  4. Appointing a Privacy Officer ( to oversee privacy matters
  5. The ability to export the data you have provided to us via our API and CSV exports (Data Portability)
  6. Users can confirm exactly what information we hold on them, by contacting us or checking the "Third Party Services" below (Right of Access)
  7. A Data Processing Agreement is available on request.
  8. Our data is always transmitted securely over HTTPS, passwords are kept encrypted and database and software is regularly checked for any potential security issues. Read more at

Things you should know

  1. Runn does not sell your personal data or information. Your personal information is not given to third parties for any external marketing purposes. However we may use it to send you information about Runn including product updates, features and offers.
  2. Runn hosts our customer's data in the European Union, this includes all the data you've entered into Runn.
  3. We use some third party services that are hosted outside the EU to provide services, such as our live chat, support and logs, these contain personal information such as names and email addresses. These have been verified to also meet GDPR obligations. A list of all of our 3rd party providers can be found below.
  4. We have confirmed that our 3rd party providers that host personal data outside the EU comply with GDPR requirements and EU data protection laws.
  5. Runn is headquartered in Aotearoa New Zealand - New Zealand has been certified by the EU to have adequate data protection laws to allow transfer for data without any further safeguards.
  6. Runn keeps backup and logs for up to 18 months before they are automatically deleted. When you delete your account, some information continues to be stored in backups for up to 18 months. Most will be deleted instantly.
  7. Runn separately keeps information about you are as customer for sending product updates and changes. You can request at anytime to stop receiving mail or have this data deleted as well.
  8. If you have made a payment to Runn, we are required by tax law to keep this payment information and personal details for 7 years.

How can I remove all account data from your systems?

You can remove the vast majority of information records from your systems from the account settings page. Use the "Delete Account" functionality and we will automatically delete the data we keep about you and your account.

There may still be residual information such as errors logs, emails, calendar invites, data backups etc that record some personal information about you (primarily email address, name and any content sent via email). If you also require this information to be deleted, please contact our privacy officer (

How can I remove my information if I am a user or employee?

You may delete your user account from the "My Settings" page. However, your information may still be kept on our systems by the person who owns the Runn account. You will need to ask them directly to remove information they have kept about you (such as your name, email, timesheets, etc).

Third Party Service Providers

  • Heroku
    The primary hosting service for Runn, and Runn’s database
    All information entered into Runn is hosted on these service. Deleted on account deleted. Backups deleted within 90 days. Data hosted in the EU.
  • Redis Labs
    Temporary data store to speed up Runn’s services
    Contains user email addresses. Automatically deleted within 30 days. Data hosted in the EU.
  • Intercom / Userflow
    Used to provide customer support and onboarding support
    Contains names, email addresses, communications and account data. Deleted on account deletion. Data hosted in US.
  • Rollbar / Coralogix
    Error reporting and monitoring
    Contains email addresses, IP address of user who have triggered an error alert. Some errors my also contain additional PII as was entered in forms. Automatically deleted within 90 days. Data hosted in EU.
  • Amazon AWS S3
    Long-life logs from error reporting
    Contains email addresses, IP address of user who have triggered an error alert. Some errors my also contain additional PII as was entered in forms. Encrypted at rest. Deleted after 1 year. Data hosted in US.
  • Slack
    Used by Runn for internal communications.
    May contain logs of names and email addresses. Most automatically deleted within 30 days. Data hosted in US.
  • Calendly / Zoom
    Used to book demos and meetings
    May contain email and name, if you have booked a demo or a meeting with the Runn team. Deleted upon request. Data hosted in US.
  • Google Service (Gmail, Google Docs)
    Used for internal communications and documentation
    May contain email address and other personal information, if you have contacted Runn. Deleted upon request. Data hosted in US.
  • Chargebee
    Used for payment processing and invoicing
    Contains personal information, including names and address, and credit card details. Kept to meet legal requirements. Data hosted in US.
  • Sherlock / Hubspot / ProfitWell
    sed to provide insights into account behaviour, such as the amount you pay, the number of users, people and projects your account has, and how you use the project. Analytics helps us provide support to accounts and users and understand how features are used.
    Contains personal information, including names and email addresses. Deleted on account deletion. Data hosted in US and EU.
  • Mixpanel
    Used for engagement metrics in the app, allowing us to understand how features are used in detail and make better product decisions.
    Does not contain personal information. Data hosted in EU.
  • Hubspot
    Used to contact existing and potential customers and track conversations with customers.
    Contains personal information, including names and email addresses of person contacted. Deleted on request. Data hosted in US.
  • Mailgun
    Used to send emails to all users - billing, product updates, invitations, etc.
    Contains personal information, including names and email addresses of person contacted. Automatically deleted after 7 days.
    Data hosted in US.
  • Cloundinary
    Hosts images uploaded to Runn, such as client, people and user avatars and images.
    Contains personal information, including photos of people. Deleted on request. Data hosted in US.
  • Google Analytics / Plausible
    Used to provide support and usage statistics on users.
    Does not contain personal information, but aggregated and anonymized statistical and analytical data from your account used to improve out services. Google Analytics deleted on request. Data hosted in US.
  • Cloudflare
    Used for Content Delivery Network (CDN) and Web Application Firewall (WAF) processing and securing all requests to the Runn application.
    Due to the nature of this globally distributed system, this data is processed closest to the user’s location. No customer data or personally identifiable information is stored in the service.

What if I need more information, or have a special request?

Please read our privacy policy or contact our Privacy Officer ( if you have any questions, or special requests.

Smart resource and capacity planning