runClear

Privacy Policy

Last updated: March 11, 2026

1. Introduction

runClear ("we", "us", or "our") operates the runClear platform at runclear.app. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your full name, email address, and password (stored as a secure hash). You may optionally provide a profile image.

Session & Device Data

When you sign in, we record your IP address, browser user agent, and session timestamps to maintain your authenticated session and protect your account.

Business Data

You and your organization members may enter business information including contacts, companies, deals, quotes, orders, and inventory records. This data is stored to provide the core functionality of the platform.

File Uploads

You may upload files (documents, images, spreadsheets) as attachments to records. Files are limited to 5 MB each, with a maximum of 10 attachments per record.

Activity Logs

We maintain activity logs that record actions taken within your organization (such as creating, editing, or deleting records) for audit and accountability purposes.

3. How We Use Your Information

  • Provide the service: store and display your business data, manage your account, and enable collaboration within your organization.
  • Authentication & security: verify your identity, manage sessions, enforce role-based access control, and protect against unauthorized access.
  • Communications: send transactional emails such as email verification, password resets, and organization invitations.
  • Service improvement: monitor system performance and resolve technical issues.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Convex — cloud database and file storage for your account and business data.
  • Resend — transactional email delivery for verification, password resets, and invitations.
  • Google OAuth — optional sign-in via your Google account. We receive your name, email, and profile image from Google.
  • GitHub OAuth — optional sign-in via your GitHub account. We receive your name, email, and profile image from GitHub.

These services have their own privacy policies. We do not sell your data to any third party.

5. Cookies & Local Storage

Cookies

  • Session cookie: an essential, HTTP-only cookie that maintains your authenticated session. It is secured with SameSite=Lax and transmitted only over HTTPS in production.
  • Sidebar preference: a cookie that remembers whether the navigation sidebar is open or closed (expires after 30 days).
  • Invite tracking: a temporary cookie used during the invitation acceptance flow, cleared after use.

Local Storage

We use browser local storage to save UI preferences such as table column settings and authentication state. This data stays on your device and is not transmitted to our servers.

We do not use any third-party analytics, tracking pixels, or advertising cookies.

6. Data Security

We take reasonable measures to protect your data, including:

  • Passwords are stored using secure, one-way hashing.
  • Sensitive configuration data (such as SMTP credentials) is encrypted using AES-256-GCM.
  • All connections are served over HTTPS in production.
  • Access to organization data is enforced through role-based access control (owner, admin, member).
  • API keys are rate-limited and stored as hashes, not in plain text.

7. Data Retention

  • Organization invitations expire after 2 days.
  • Sessions expire based on configured timeouts and can be revoked at any time.
  • Business records that are deleted within the platform are soft-deleted (marked as removed but retained for a period for recovery purposes).
  • Account data is retained as long as your account is active. To request deletion, contact us at the address below.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information in your account settings.
  • Request deletion of your account and associated data by contacting us.
  • Export your business data by contacting us.

To exercise any of these rights, please email us at team@runclear.app.

9. Children's Privacy

runClear is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at team@runclear.app.