Privacy Policy

Effective Date: January 1, 2025  ·  Last Updated: March 24, 2025

Runline ("Runline," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices available to you. By using our services, you agree to this policy.

1. Information We Collect

Information You Provide Directly

• Account registration: name, email address, password
• Profile information: phone number, date of birth (for age verification), address
• Communications: messages you send to our support team

Financial Data Collected via Plaid

When you connect a financial account through Plaid, we may receive the following data from Plaid on your behalf:

• Account names, numbers (masked), types, and balances
• Transaction history (payee, amount, date, category)
• Institution names and routing information
• Identity verification data (name, address, email) if you authorize it
• Investment holdings, liabilities, and income data (if enabled)

Your bank login credentials are entered directly into Plaid's secure interface and are never transmitted to or stored by Runline. Plaid provides us a secure access token instead.

Automatically Collected Data

• IP address, browser type, operating system
• Pages visited, time spent, click patterns
• Device identifiers and session tokens
• Cookie and tracking data (see our Cookie Policy)

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Runline service
• Display your financial accounts and transactions in a unified dashboard
• Authenticate your identity and prevent fraud
• Send transactional emails (account alerts, security notifications)
• Respond to your support requests
• Comply with legal and regulatory obligations
• Analyze usage trends to improve the product (using aggregated, de-identified data)

We do not sell your personal financial data to third parties for advertising purposes.

3. Plaid and Third-Party Data Sharing

Plaid Technologies, Inc.

Our service is integrated with Plaid, a financial data aggregation platform. When you use Plaid to connect your accounts:

• You enter your banking credentials directly through Plaid's secure interface — we never see them.
• Plaid accesses your financial data directly from your financial institution on your behalf.
• Plaid shares a subset of that data with Runline via secure API, as authorized by you.
• Plaid may retain and use your data independently per its own privacy policy.

You can review Plaid's privacy practices at plaid.com/legal/end-user-privacy-policy. To revoke Plaid's access to your data, visit my.plaid.com.

Other Service Providers

We may share your data with trusted service providers who assist us in operating Runline, including:

• Cloud infrastructure providers (data storage and processing)
• Analytics providers (aggregated, de-identified usage data only)
• Email service providers (for transactional communications)
• Identity verification services (if applicable)

All service providers are contractually bound to use your data only as directed by us and to maintain appropriate security standards.

Legal Disclosures

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our legal rights or prevent imminent harm.

4. How We Store and Protect Your Data

We implement industry-standard technical and organizational security measures, including:

• 256-bit TLS encryption for all data in transit
• AES-256 encryption for financial data at rest
• Role-based access controls limiting employee access to your data
• Multi-factor authentication on all internal systems
• Regular security audits and penetration testing
• SOC 2 Type II compliance (in progress / achieved — update as applicable)

Despite these measures, no system is 100% secure. In the event of a data breach, we will notify affected users as required by applicable law.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion:

• Account and profile data is deleted within 30 days
• Financial transaction data is deleted within 90 days
• Logs and analytics data is anonymized or deleted within 12 months
• Certain data may be retained longer if required by law

Revoking Plaid's access at my.plaid.com ends Plaid's ongoing access to your financial accounts; it does not automatically delete data already shared with Runline.

6. Your Rights and Choices

Depending on your location, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of processing
• Withdraw Consent: Revoke consent for data processing where consent is the basis

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

To revoke Plaid's data access specifically, visit my.plaid.com.

7. Cookies and Tracking

We use cookies and similar technologies. Please see our Cookie Policy for full details. You may manage your cookie preferences at any time through your browser settings or our consent manager.

8. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of sale, and the right to non-discrimination.

We do not sell or share your personal information for cross-context behavioral advertising. To submit a rights request, contact [email protected] or call [YOUR TOLL-FREE NUMBER].

9. Children's Privacy

Runline is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us immediately at [email protected].

10. Contact Us

For privacy questions, concerns, or requests:

• Email: [email protected]
• Mail: Runline, Attn: Privacy Team, [YOUR STREET ADDRESS], [City, State ZIP]

For Plaid-specific data requests, visit my.plaid.com or contact Plaid at plaid.com/legal.