runab

Privacy Policy

Last updated: December 21, 2025

1. Introduction

runab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our A/B testing platform and services (collectively, the "Service").

By using runab, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored in encrypted form)
  • Account preferences and settings

2.2 Usage Data

We automatically collect certain information when you use our Service:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of access
  • Referring website addresses

2.3 A/B Test Data

When you use our A/B testing features, we collect:

  • Test configurations and settings you create
  • Variant assignments for your website visitors
  • Conversion events and metrics
  • Aggregated analytics data

2.4 Payment Information

Payment processing is handled by our third-party payment processor, LemonSqueezy. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. LemonSqueezy collects and processes payment information in accordance with their own privacy policy. We receive limited information such as the last four digits of your card, card type, and billing address for record-keeping purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Service
  • To process your transactions and manage your subscription
  • To send you technical notices, updates, and support messages
  • To respond to your comments, questions, and customer service requests
  • To monitor and analyze usage patterns and trends
  • To detect, prevent, and address technical issues and security threats
  • To enforce our Terms of Service and protect our legal rights
  • To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including:

  • LemonSqueezy — Payment processing
  • Supabase — Database and authentication services
  • Vercel — Hosting and infrastructure
  • Email service providers — Transactional emails

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. We will also retain and use your information as necessary to:

  • Comply with our legal obligations
  • Resolve disputes
  • Enforce our agreements

A/B test data and analytics are retained for the duration of your subscription. Upon account deletion, your data will be permanently removed within 30 days, except where retention is required by law.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls and audit logging

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to Access — Request a copy of your personal data
  • Right to Rectification — Request correction of inaccurate data
  • Right to Erasure — Request deletion of your personal data
  • Right to Restrict Processing — Request limitation of processing
  • Right to Data Portability — Receive your data in a structured format
  • Right to Object — Object to processing of your personal data
  • Right to Withdraw Consent — Withdraw consent at any time

To exercise these rights, please contact us at privacy@runab.io. We will respond to your request within 30 days.

Legal Basis for Processing (EEA Users): We process your personal data based on: (a) your consent; (b) the necessity to perform our contract with you; (c) our legitimate interests; or (d) compliance with legal obligations.

8. Your Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — Request disclosure of personal information collected, used, and shared
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out — Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination — Not be discriminated against for exercising your rights

To exercise these rights, please contact us at privacy@runab.io. We will verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Essential Cookies — Required for the Service to function (authentication, security)
  • Analytics Cookies — Help us understand how you use our Service
  • Preference Cookies — Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.

10. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses approved by the European Commission where applicable.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide notice via email or a prominent notice on our Service. Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the modified Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.