RuNari Ltd (“RuNari”, “we”, “us”, or “our”) operates the website at https://runari.net and the RuNari SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who We Are

RuNari Ltd is the data controller for personal data collected through this website and the RuNari platform. You can contact us at privacy@runari.net.

2. Information We Collect

2.1 Information you provide directly

Account registration: name, email address, organisation name, and chosen workspace slug.
Billing: payment details are collected and processed by Stripe — we do not store full card numbers.
Communications: messages you send us via the contact form or email.
Content: documents, notes, tasks, and course materials you upload to the platform.

2.2 Information collected automatically

Usage data: pages visited, features used, timestamps, and session duration.
Technical data: IP address, browser type, operating system, and referring URL.
Cookies: see our Cookie Policy for details.

3. How We Use Your Information

We use your information to:

Provide, maintain, and improve the RuNari platform
Process billing and manage your subscription
Send transactional emails (account setup, invoices, alerts)
Respond to support requests and enquiries
Analyse usage patterns to improve our product (aggregated, anonymised where possible)
Comply with legal obligations

4. Legal Basis for Processing

We process your personal data under the following lawful bases (UK GDPR Article 6):

Contract (Art. 6(1)(b)): processing necessary to provide the RuNari service you have signed up for.
Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, and product analytics.
Legal obligation (Art. 6(1)(c)): compliance with UK tax law, anti-money laundering regulations, and other applicable laws.
Consent (Art. 6(1)(a)): marketing emails and non-essential cookies — you may withdraw consent at any time.

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only with trusted sub-processors necessary to operate the service:

Stripe — payment processing (UK/EU adequacy)
Microsoft Azure — cloud hosting and blob storage (UK data centres)
Cloudflare — CDN, DNS, and video hosting (SCCs in place)
Plausible Analytics — privacy-friendly website analytics (EU hosted, no cookies)

We may disclose data if required by law, court order, or to protect the rights, property, or safety of RuNari, our users, or the public.

6. Data Retention

We retain your personal data for as long as your account is active. On account deletion, we delete or anonymise your data within 30 days, except where we are required to retain it for legal or accounting purposes (typically 6 years under UK tax law).

7. Your Rights

Under UK GDPR you have the right to:

Access: request a copy of the personal data we hold about you.
Rectification: correct inaccurate or incomplete data.
Erasure (“right to be forgotten”): request deletion of your data where we have no overriding legitimate reason to retain it.
Restriction: limit how we use your data in certain circumstances.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests.
Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@runari.net. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, regular security audits, and access controls. However, no method of transmission over the internet is 100% secure.

10. International Transfers

Where we transfer your data outside the UK, we ensure appropriate safeguards are in place (such as UK Adequacy Regulations or Standard Contractual Clauses).

11. Children

The RuNari service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email (for registered users) and by updating the “Last updated” date above. Your continued use of the service after changes constitutes acceptance.

13. Contact

For privacy-related queries, contact us at: privacy@runari.net
RuNari Ltd, United Kingdom.