- Company
- runn3r Limited
- Address
- Flat A, 15/F Hillier Comm. Bldg.,
65-67 Bonham Strand East,
Sheung Wan, Hong Kong - Company Number
- 79575250
- Email
- hello@runn3r.ai
- Customer Service
- Monday to Friday, 10:00 AM – 5:00 PM HKT
Introduction
runn3r Limited is committed to protecting our customer privacy and takes its responsibility regarding the security of customer information very seriously. We will be clear and transparent about the information that we collect and what we do with that information.
This policy details the following:
- What personal data we collect
- How we collect this data
- What we do with this data
- How we store the data and ensure security
- How long we keep it
What Personal Data We Collect
We collect the following types of personal and non-personal data from our customers:
- Personal Data: Any information relating to you which allows us to identify you, such as your name, contact details, payment information, and purchase details.
- Non-Personal Data: Browser types and cookies.
How We Collect This Information
We collect data through various sources during our day-to-day activities:
- Loyalty Program
- Online Sales
- Email Signup
- Third-Party Sign-In Providers (Google, Facebook, Apple)
- Cookies and Google AdWords
How We Use Your Personal Data
We use your personal data to:
- Provide goods and services to you
- Improve your shopping experience
- Keep you updated on promotions and events (if you've opted in)
- Deliver products efficiently
- Improve our products and services
Third-Party Sign-In Providers (OAuth)
We offer sign-in via Google, Facebook (Meta Platforms, Inc.), and Apple as an alternative to email/password registration. When you choose to sign in with one of these providers, we receive a limited set of data from them:
- Google: email address, name, profile picture, and Google account identifier.
- Facebook: email address, first name and last name, profile picture, and a Facebook-scoped user identifier (
email and public_profile permissions). - Apple: email address (real or Apple's private relay address) and name, provided only at first sign-in; Apple does not share profile pictures.
We use this data solely to create and identify your Runn3r account, display your name and avatar in the application, and send transactional emails (password reset, security notifications). We do not post anything to your social media accounts and we do not request permissions beyond those listed above.
If you signed up with email/password and later sign in with one of the providers above using the same email address, we automatically link the two sign-in methods to the same Runn3r account to prevent duplicate accounts.
You can disconnect any third-party sign-in provider at any time in your account settings (/settings → Account). Disconnecting removes the link between your Runn3r account and that provider; it does not delete your Runn3r account or affect your other sign-in methods.
To fully revoke Runn3r's access to your data on the provider's side, also remove Runn3r from your provider's authorized applications list: Google, Facebook, Apple ID.
Data Retention
We will keep your personal data as long as required to fulfill our obligations to you. After fulfilling our obligations, under applicable law, we are required to keep transaction details for a further 6 years. After this period, your personal data will be deleted.
Your Data Protection Rights
Under GDPR, you have the right to:
- Access your data
- Correct your data
- Have your data erased
- Object to data processing
- Not be subject to automated decision making, including profiling
Data Sharing and Sub-Processors
Your personal data will never be sold to any third party for marketing purposes. We work with trusted service providers (sub-processors) who are contractually bound to process your data only on our instructions and in accordance with GDPR:
- Cloudflare, Inc. (United States) — application hosting, edge compute, content delivery, and storage.
- Neon, Inc. (United States) — managed PostgreSQL database hosting.
- Resend Corp. (United States) — transactional email delivery (password resets, security notifications).
- Google LLC, Meta Platforms, Inc., Apple Inc. — only when you choose to sign in with their respective OAuth services (see "Third-Party Sign-In Providers" above).
- Payment processors (Stripe, PayPal, Paddle, Przelewy24) — only when you make a purchase, and limited to the data required to complete the transaction.
- Domain registrars — when you purchase a domain through Runn3r, the registrar processes the data required to register and maintain that domain. Current registrar partners:
- OVH sp. z o.o. (Poland) — used for
.pl domains and selected European TLDs. - Porkbun LLC (United States) — used for
.com, .net, .io, .app and most other generic TLDs.
Registrars are themselves required to forward registrant details to the relevant registry (e.g. NASK for .pl, Verisign for .com) and, where applicable, publish them in the public RDDS / WHOIS directory in accordance with ICANN and registry policies.
We ensure that every sub-processor we engage provides an adequate level of data protection, and we maintain Data Processing Agreements with each.
Domain Registration Data
If you purchase a domain through Runn3r, additional data may be processed beyond what is described above:
- Registrant data. Runn3r is recorded as the registrant for operational reasons (see our Terms of Service). The registrant contact details sent to the registrar and registry are Runn3r's own business contact details, not yours, unless you explicitly request a transfer of the domain to your own account.
- Identity verification. In limited cases — for example, the registrar's anti-fraud review for country-code TLDs such as
.pl — the registrar may ask Runn3r for additional documentation to verify the registrant. We will only share information about you with the registrar if you have explicitly authorised the transfer of the domain to you, in which case the registration is updated to use your own contact details. - Public WHOIS / RDDS. Where the registry operates a public directory, the registered contact details (i.e. Runn3r's, or yours after transfer) may be published. Runn3r itself does not publish your personal data in WHOIS / RDDS.
- Retention. Domain registration records are retained for as long as the domain is active in your account, plus the legal retention period for transactional data (six years), after which they are deleted in line with the rest of this Policy.
Changes to Privacy Policy
Our privacy policy may change from time to time. Any changes to the statement will be communicated to you by email or a notice on our website.
For any complaints or queries regarding your personal data, please contact our Data Protection Officer at hello@runn3r.ai.