Privacy Policy – Rundraft

TL;DR: We collect only what we need to run Rundraft, we don't sell your data, and you can delete it anytime.

01 — What we collect We collect account info (name, email, org), the data you connect to build your knowledge library (emails, Slack, SaaS systems), and standard usage logs (browser, IP, runtime metrics). We also receive info from SSO providers like Google or Microsoft if you connect them. 02 — How we use it To run the product. We use your data to ingest your company's knowledge, power your AI agents, and improve the platform using de-identified aggregate data. We send transactional emails to keep you informed. Marketing only with your consent. 03 — Who sees it Only vendors we need to operate the product. We never sell or rent your data. Sub-processors: AWS (hosting), Supabase (database), OpenAI & Anthropic (models), email delivery. 04 — Your data stays yours The knowledge libraries we build from your emails, Slack, and systems belong to your organization. We do not use your proprietary processes or documents to train models or share them with other customers. 05 — Security TLS encryption in transit, AES-256 at rest, role-based access controls, and audit logs. No system is 100% secure — keep your credentials safe. 06 — Retention We keep data as long as your account is active. You can request deletion of your knowledge library and associated data at any time by emailing us. Backups are purged on a 35-day rolling cycle. 07 — Your rights Depending on your location (GDPR, CCPA, etc.), you have the right to access, correct, delete, or export your data. Email us and we'll sort it within the timeframe required by law.

Data locationUnited StatesEEA/UK transfersStandard Contractual ClausesChildren (under 13)Not allowed — deleted on noticePolicy changes30-day notice for material updates

Questions? alexander@dreamerlabs.xyz