Privacy Policy

Effective: February 27, 2026

This Privacy Policy explains how Runix ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use the Runix cloud deployment platform, website, APIs, and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

We collect the following categories of information:

1.1 Account Information

  • Email address — provided during registration or through GitHub OAuth.
  • GitHub username and profile data — when you connect your GitHub account for authentication or repository access.
  • Display name — if provided in your account settings.
  • Organization and project metadata — project names, deployment configurations, and team membership.

1.2 Usage Data

  • Deployment logs — build output, runtime logs, and error messages generated by your applications.
  • Application metrics — resource usage (CPU, memory, bandwidth), request counts, and response times.
  • Platform activity — login timestamps, API requests, CLI usage, and dashboard interactions.
  • Device and browser information — IP address, browser type, operating system, and referral URLs.

1.3 Payment Data

Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVC, or other sensitive payment credentials on our servers. We receive and store only a billing email, card brand, last four digits, and subscription status from Stripe for record-keeping purposes.

1.4 Source Code and Application Data

When you deploy applications, we temporarily access your source code to build Docker images and run your applications. Your source code is processed in isolated build environments and is not shared with third parties. Built container images are stored for the duration of your deployment.

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service.
  • Process deployments, build applications, and manage container lifecycles.
  • Authenticate your identity and authorize access to your resources.
  • Process payments and manage your subscription.
  • Send transactional communications (deployment status, billing receipts, security alerts).
  • Monitor and improve Service performance, reliability, and security.
  • Detect and prevent abuse, fraud, and security threats.
  • Comply with legal obligations and respond to lawful requests.

3. Cookies

We use the following types of cookies:

  • Essential cookies — session cookies required for authentication and maintaining your logged-in state. These are strictly necessary for the Service to function and cannot be disabled.
  • Analytics cookies — we use privacy-respecting analytics to understand how users interact with the Service. This data is aggregated and does not personally identify you.

We do not use advertising cookies or share cookie data with advertising networks. You can manage cookie preferences through your browser settings.

4. Third-Party Services

The Service integrates with the following third-party providers, each with their own privacy policies:

  • Stripe — payment processing and subscription management. Stripe collects and processes payment data under their own Privacy Policy.
  • GitHub — OAuth authentication and repository access. When you connect your GitHub account, we receive your public profile information and repository data as authorized by you. See GitHub's Privacy Statement.
  • Cloudflare — DNS management, CDN, and DDoS protection for our frontend and API. Cloudflare may process request metadata (IP addresses, headers) in accordance with their Privacy Policy.
  • Anthropic (Claude AI) — we use Claude AI to generate Dockerfiles for your deployments. Minimal metadata about your project structure (language, framework, file list) may be sent to Anthropic. Your source code content is not sent to AI services.

5. Data Retention

  • Account data — retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except as required by law.
  • Deployment logs — retained according to your subscription plan (free plans: 24 hours; paid plans: up to 30 days). You can delete logs at any time from your dashboard.
  • Build artifacts — Docker images and build caches are retained for the duration of your deployment. They are deleted when you remove the deployment or delete your account.
  • Billing records — transaction records and invoices are retained for 7 years as required for tax and accounting compliance.
  • Audit logs — security and access logs are retained for up to 90 days for security monitoring purposes.

6. Your Rights (GDPR and Other Regulations)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete personal data.
  • Right to erasure — request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability — receive your personal data in a structured, commonly used, machine-readable format.
  • Right to restriction — request that we limit the processing of your personal data in certain circumstances.
  • Right to object — object to the processing of your personal data for specific purposes, including direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@runixcloud.dev. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • Isolated build and runtime environments for each deployment.
  • Regular security audits and vulnerability assessments.
  • Access controls and authentication requirements for all administrative operations.
  • Encrypted storage of sensitive data such as environment variables and API keys.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe a child under 16 has provided us with personal data, please contact us at privacy@runixcloud.dev.

9. International Data Transfers

Your data may be transferred to, stored, and processed in countries other than your country of residence, including the United States and the European Union. When we transfer personal data across borders, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on adequacy decisions.

By using the Service, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own. We take steps to ensure that your data receives an adequate level of protection regardless of where it is processed.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

privacy@runixcloud.dev

For general legal inquiries, you can also reach us at legal@runixcloud.dev.