Privacy Policy

Last updated: April 29, 2026

Effective Date: April 29, 2026
Last Updated: April 29, 2026

Important Notice

This Privacy Policy explains how runrates.ai (“we”, “us”, or “our”) collects, uses, discloses, and protects your personal information when you use our website and services (collectively, the “Service”). We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Introduction

runrates.ai operates a software-as-a-service platform accessible at runrates.ai. Your privacy is important to us. This policy describes what information we collect, how we use it, and the choices you have regarding your data. By using the Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

Information you provide directly:

Account information — name, email address, and password when you create an account.
Profile information — avatar, display name, and other optional profile details.
Payment information — billing address and payment method details (processed securely by our third-party payment processor, Stripe; we do not store full card numbers).
Communications — any messages, feedback, or support requests you send to us.

Information collected automatically:

Usage data — pages visited, features used, actions taken within the Service, and timestamps.
Device and browser data — IP address, browser type and version, operating system, device identifiers, and screen resolution.
Cookies and similar technologies — see Section 9 below for details.

3. How We Use Your Information

We use the information we collect to:

Provide and maintain the Service — create and manage your account, process transactions, and deliver features.
Improve the Service — analyze usage patterns, diagnose technical issues, and develop new features.
Communicate with you — send transactional emails (account verification, password resets, billing receipts), respond to support requests, and, with your consent, send product updates or newsletters.
Ensure security — detect, prevent, and respond to fraud, abuse, and security incidents.
Comply with legal obligations — fulfill our legal and regulatory requirements.

4. Legal Basis for Processing

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

Performance of a contract — processing necessary to provide the Service you signed up for.
Legitimate interests — analytics, service improvement, and security, where these interests are not overridden by your rights.
Consent — where you have explicitly opted in, such as for marketing communications. You may withdraw consent at any time.
Legal obligation — processing required to comply with applicable laws.

We do not sell your personal information. We may share your data with the following categories of third parties, only as necessary:

Service providers — hosting (cloud infrastructure), payment processing (Stripe), email delivery, and analytics providers that help us operate the Service. These providers are contractually obligated to protect your data.
Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
With your consent — we may share data for other purposes if you explicitly agree.

6. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/HTTPS) and at rest.
Secure authentication mechanisms, including hashed passwords.
Regular security assessments and monitoring.
Access controls limiting employee access to personal data on a need-to-know basis.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specifically:

Account data — retained for the duration of your account. Upon account deletion, we will remove or anonymize your data within 30 days, except where retention is required for legal, tax, or audit purposes.
Usage and analytics data — retained in aggregated or anonymized form for up to 24 months.
Payment records — retained as required by applicable financial regulations.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion of your personal data (“right to be forgotten”).
Restriction — request that we limit the processing of your data.
Data portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests or for direct marketing.
Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at nico@aqueductsconsulting.com. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

9. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service:

Essential cookies — required for the Service to function (e.g., session management, authentication). These cannot be disabled.
Analytics cookies — help us understand how the Service is used so we can improve it. These are only set with your consent where required by law.

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may impair your ability to use the Service.

See our Cookie Policy for details.

10. Children’s Privacy

The Service is not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at nico@aqueductsconsulting.com.

11. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including countries that may have different data protection standards. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient’s participation in recognized data protection frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service and updating the “Last Updated” date above. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: nico@aqueductsconsulting.com

Resources

Effective Date: April 29, 2026
Last Updated: April 29, 2026

Important Notice

1. Introduction

2. Information We Collect

We collect the following categories of information:

Information you provide directly:

Account information — name, email address, and password when you create an account.
Profile information — avatar, display name, and other optional profile details.
Payment information — billing address and payment method details (processed securely by our third-party payment processor, Stripe; we do not store full card numbers).
Communications — any messages, feedback, or support requests you send to us.

Information collected automatically:

Usage data — pages visited, features used, actions taken within the Service, and timestamps.
Device and browser data — IP address, browser type and version, operating system, device identifiers, and screen resolution.
Cookies and similar technologies — see Section 9 below for details.

3. How We Use Your Information

We use the information we collect to:

Provide and maintain the Service — create and manage your account, process transactions, and deliver features.
Improve the Service — analyze usage patterns, diagnose technical issues, and develop new features.
Communicate with you — send transactional emails (account verification, password resets, billing receipts), respond to support requests, and, with your consent, send product updates or newsletters.
Ensure security — detect, prevent, and respond to fraud, abuse, and security incidents.
Comply with legal obligations — fulfill our legal and regulatory requirements.

4. Legal Basis for Processing

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

Performance of a contract — processing necessary to provide the Service you signed up for.
Legitimate interests — analytics, service improvement, and security, where these interests are not overridden by your rights.
Consent — where you have explicitly opted in, such as for marketing communications. You may withdraw consent at any time.
Legal obligation — processing required to comply with applicable laws.

We do not sell your personal information. We may share your data with the following categories of third parties, only as necessary:

Service providers — hosting (cloud infrastructure), payment processing (Stripe), email delivery, and analytics providers that help us operate the Service. These providers are contractually obligated to protect your data.
Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
With your consent — we may share data for other purposes if you explicitly agree.

6. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/HTTPS) and at rest.
Secure authentication mechanisms, including hashed passwords.
Regular security assessments and monitoring.
Access controls limiting employee access to personal data on a need-to-know basis.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specifically:

Account data — retained for the duration of your account. Upon account deletion, we will remove or anonymize your data within 30 days, except where retention is required for legal, tax, or audit purposes.
Usage and analytics data — retained in aggregated or anonymized form for up to 24 months.
Payment records — retained as required by applicable financial regulations.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion of your personal data (“right to be forgotten”).
Restriction — request that we limit the processing of your data.
Data portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests or for direct marketing.
Withdraw consent — where processing is based on consent, withdraw it at any time.

9. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service:

Essential cookies — required for the Service to function (e.g., session management, authentication). These cannot be disabled.
Analytics cookies — help us understand how the Service is used so we can improve it. These are only set with your consent where required by law.

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may impair your ability to use the Service.

See our Cookie Policy for details.

10. Children’s Privacy

11. International Data Transfers

12. Changes to This Policy

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: nico@aqueductsconsulting.com

Privacy Policy

Important Notice

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Legal Basis for Processing

5. Data Sharing and Disclosure

6. Data Security

7. Data Retention

8. Your Rights

9. Cookies and Tracking

10. Children’s Privacy

11. International Data Transfers

12. Changes to This Policy

13. Contact Information

Resources

Privacy Policy

Important Notice

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Legal Basis for Processing

5. Data Sharing and Disclosure

6. Data Security

7. Data Retention

8. Your Rights

9. Cookies and Tracking

10. Children’s Privacy

11. International Data Transfers

12. Changes to This Policy

13. Contact Information

Resources