RunsOn RunsOn
RunsOn RunsOn

Privacy policy

Privacy policy for RunsOn

1. Scope

  • This Privacy Policy explains how RunsOn collects, uses, and shares personal data when RunsOn acts as a controller.
  • RunsOn is not a conventional hosted CI/CD SaaS. Core workflow execution, runner VMs, caches, logs, queue payloads, and GitHub App credentials normally stay in the customer’s AWS account rather than in a shared RunsOn control plane.
  • This means the main data flows covered by this Policy are limited RunsOn-side flows such as product telemetry sent to runs-on.com, licensing and billing records, website and changelog signups, and ordinary support or procurement correspondence.
  • If RunsOn processes Customer personal data solely on the Customer’s behalf for a narrow support or diagnostic task, that processing is governed by the Data Processing Addendum instead of this Policy to the extent required by applicable law.

2. Product telemetry

  • The Software includes telemetry functionality that sends limited technical metadata to runs-on.com.
  • This telemetry may include the time of the event, platform, architecture, instance type, instance lifecycle, AWS region, RunsOn version, organization or account identifier, boot timing metadata, networking mode, enabled integrations, enabled extras, and pool metadata.
  • This telemetry is used to understand product usage, improve product performance and reliability, support compatibility work, and operate the product.
  • By default, this telemetry does not include repository contents, customer secrets, customer job logs, or runner filesystem contents.
  • RunsOn acts as the controller for this telemetry flow. Cloudflare is used as a RunsOn-side vendor for hosting or delivery of the runs-on.com telemetry path.

3. Commercial, account, and contact data

  • We may collect and use buyer, prospect, and customer contact details, company or organization names, GitHub organization identifiers, GitHub usernames used for licensing or source access, subscription and billing records, invoice or payment-adjacent records, and other account-administration data.
  • We use this information to sell, provision, license, bill, support, and administer the RunsOn product and related services.
  • RunsOn acts as the controller for these activities.

4. Support and procurement communications

  • If you contact RunsOn for support, procurement, onboarding, or other business communications, we may process your emails, meeting notes, attachments, screenshots, logs, and related correspondence.
  • RunsOn acts as the controller for ordinary support and case-management communications handled for RunsOn’s own business purposes.
  • If you send incident artifacts or other materials containing personal data and expressly ask RunsOn to handle them solely on your instructions for diagnostic support, RunsOn may instead process those materials as a processor under the Data Processing Addendum.

5. How we share data

  • We share personal data with service providers used to operate RunsOn’s own website, telemetry path, subscriptions, billing, and similar business functions.
  • The consolidated Data Processing Addendum includes the current controller-side vendor reference and the current processor-side subprocessor disclosure for procurement review.

6. Security

  • We implement measures designed to protect the limited RunsOn-side data flows described in this Policy.
  • The strongest product-level control is architectural: core workflow execution normally remains in the customer’s AWS account.
  • More detail is available at /security/ and in the Data Processing Addendum.

7. Data retention

  • We retain personal data for as long as needed for the purposes described in this Policy, including product operations, licensing, billing, support, legal compliance, and dispute resolution.
  • Support materials processed under the DPA are retained only for the relevant support matter and any limited period required for deletion, return, or legal retention.

8. Your rights

  • Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and to request data portability.
  • To exercise those rights, contact us using the details below.

9. Changes to this Privacy Policy

  • We may update this Privacy Policy from time to time. If we make material changes, we will update this page and may also provide additional notice where appropriate.

10. Contact

  • If you have questions about this Privacy Policy or our data practices, contact:
    • Email: ops@runs-on.com
    • Address: Cyril Rohr EIRL - 4 rue Michel Gérard, 35235 Thorigné-Fouillard, France.

For procurement review of RunsOn’s narrow processor scope, see the Data Processing Addendum.