Privacy Policy

Runpost ("we", "us", or "our") operates the Runpost platform, including the website at runpost.app and the web application at app.runpost.app. This Privacy Policy explains what information we collect, how we use it, and what rights you have over it.

By using Runpost, you agree to the practices described in this policy. If you have questions, contact us at ian@runpost.app.

1. What we collect

We collect the following types of information when you use Runpost:

• Account information — your name and email address when you create an account.
• Phone number — if you opt in to SMS alerts, we collect your phone number to deliver those messages via Twilio.
• Uploaded CSV data — if you upload transaction or invoice data as a CSV file, we store it temporarily to generate your reports.
• Wave accounting data — if you connect your Wave account via OAuth, we read your invoice and transaction data to generate reports. We do not store raw Wave data beyond what is needed to produce aggregated analysis.
• Generated reports — the business reports and summaries we produce for you are stored in your account.
• Chat history — conversations you have with the Runpost AI advisor are stored to provide context across sessions.
• Usage logs — standard server logs including IP addresses, browser type, pages visited, and timestamps, used for security and service improvement.

2. What we do NOT collect

• No payment data — Runpost does not collect or store credit card numbers or other payment information. Payments, if applicable, are handled by a third-party processor.
• No data selling — we do not sell, rent, or trade your personal information to third parties for their marketing purposes.
• No AI training — your data is never used to train AI models, whether by Runpost or by our AI providers. We use the APIs of AI providers under terms that prohibit training on customer data.

3. How we use your data

• Provide the service — to generate reports, power the AI advisor, track your business metrics, and display your dashboard.
• Send SMS alerts — if you opt in, we use your phone number to send you automated business alerts via Twilio. You can opt out at any time by replying STOP.
• Personalize reports — your historical data and chat history allow us to produce reports that are relevant to your specific business context.
• Transactional email — we send account-related emails such as report notifications and important service updates via Resend.

We do not use your data for advertising, profiling for third parties, or any purpose not listed above.

4. SMS messaging

Runpost offers optional SMS notifications for business alerts. By providing your phone number and enabling SMS in your account settings, you consent to receive automated text messages from Runpost.

• You can opt out at any time by replying STOP to any message you receive.
• Message and data rates may apply depending on your mobile carrier and plan.
• We do not share your phone number with third parties for their own marketing purposes.
• SMS messages are delivered via Twilio. See Twilio's privacy policy for their data handling practices.

5. Third-party services

Runpost uses the following third-party services to operate the platform. Each has its own privacy policy governing their use of data.

• AWS S3 — file storage for uploaded CSVs and generated reports.
• Supabase — database and authentication infrastructure.
• Wave OAuth — integration with Wave Financial to read your accounting data.
• Anthropic Claude API — AI language model used to generate reports and power the advisor chat.
• OpenAI API — AI language model used for certain analysis features.
• Twilio — SMS delivery for business alerts.
• Resend — transactional email delivery.
• Zep — long-term memory storage for the AI advisor chat history.

Raw invoice or transaction rows are never sent to AI providers. Only aggregated statistics and summaries are used in AI prompts.

6. Data security

We take reasonable measures to protect your data:

• All data is transmitted over HTTPS.
• Your data is isolated per account — one user cannot access another's data.
• Raw financial data is never sent to AI providers. Only aggregated metrics are used in AI-generated analysis.
• Wave OAuth tokens are stored securely and used only to read your data on your behalf.

No method of transmission or storage is 100% secure. We will notify you if we become aware of a breach affecting your data.

7. Your rights

You have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Deletion — request that we delete your account and associated data. See our Data Deletion Policy for details.
• Correction — request that we correct inaccurate information about you.
• Portability — request your data in a portable format.

To exercise any of these rights, email us at ian@runpost.app. We will respond within a reasonable timeframe.

8. Children

Runpost is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, where appropriate, notify you by email. Continued use of Runpost after changes are posted constitutes your acceptance of the updated policy.

10. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at ian@runpost.app.