Legal

Privacy Policy

Last updated: 2026-05-22

1. Who we are

Runsite operates a Platform-as-a-Service for European indie developers and small startups, with infrastructure located in the European Union (Frankfurt, eu-central). We operate under EU privacy law.

For questions about this policy or how we handle personal data, contact us at privacy@runsite.app.

2. What this policy covers

This policy explains how we collect, use, and protect personal data when you visit runsite.site, sign up for an account on runsite.app, or interact with our services. It applies to all visitors, prospects, customers, and third parties who interact with Runsite.

3. Data we collect

We collect personal data in the following categories:

  • Account data — name, email address, and password hash when you create a Runsite account.
  • Billing data — billing address, VAT number, and payment method tokens (we do not store full card numbers).
  • Usage data — application logs, deployment metadata, and product analytics required to operate the service.
  • Website analytics — aggregated, anonymised page-view data on runsite.site.

4. Legal basis for processing

We process personal data under the following GDPR lawful bases:

  • Contract — to provide and maintain the Runsite platform.
  • Legitimate interest — to secure the service, prevent abuse, and improve the product.
  • Consent — where you opt in (e.g. marketing emails). You can withdraw consent at any time.
  • Legal obligation — for tax, accounting, and regulatory compliance.

5. Data residency

All customer application data and account data are stored on infrastructure located in the European Union (Frankfurt, eu-central region). We do not transfer customer data outside the EU/EEA without explicit consent or a lawful transfer mechanism.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@runsite.app.

7. Subprocessors

We use a limited set of EU-located subprocessors (cloud infrastructure, payment processing, email delivery). A current list is available on request at privacy@runsite.app.

8. Changes to this policy

We will post material changes here and notify registered customers by email at least 30 days before changes take effect.