Last updated: 7 July 2026
Runnit is built by Null Theory, an Australian owned and operated company. This Privacy Policy explains how we collect, use, share and protect personal information when you visit runnit.io, contact us, request early access, or use the Runnit product.
We have written this in plain English because privacy should not feel like a puzzle box. Some legal bits are still legal bits, but we have kept them as simple as we can.
1. Who this policy applies to
This policy applies to:
- Visitors to the Runnit website.
- People who submit a contact form or early access request.
- Customers, team members and invited users of the Runnit product.
- Client-side users or collaborators who interact with a workspace, form, project, file, brief, task or workflow in Runnit.
When an agency or organisation uses Runnit, that organisation usually controls the personal information it adds to the platform. In that case, Runnit acts as a service provider or processor for that customer. For information we collect directly for our own business, such as website analytics, sales enquiries and account administration, Runnit acts as the controller or business responsible for that information.
2. What Runnit does
Runnit is a multi-tenant creative operations platform for agencies and in-house teams. The product combines project and brief workflows, scheduling, asset management, AI-assisted generation and organisation-level access control in one system.
Because Runnit helps teams manage real work, the platform may process project data, briefs, tasks, schedules, files, assets, conversations, reports, team details and client context that users choose to add.
3. Information we collect
Information you give us
- Contact and identity details: name, email address, phone number, company name, company size, role, location and enquiry details.
- Account details: login credentials, authentication details, user profile, organisation membership, invite status, permissions and account settings.
- Workspace content: briefs, projects, tasks, schedules, comments, conversations, reports, forms, automations, dashboard content and other information entered into Runnit.
- Assets and files: uploaded files, brand assets, project files, generated assets, file metadata, versions, tags, summaries and links between files and entities such as projects, jobs and organisations.
- AI inputs and outputs: prompts, instructions, chat messages, generated copy, generated images or video, agent job details and related workflow context.
- Support information: messages, screenshots, diagnostics, feedback, bug reports and other details you send us when asking for help.
Information collected automatically
- Usage data: pages viewed, actions taken, features used, session activity, referring pages and approximate timestamps.
- Device and technical data: IP address, browser type, device type, operating system, language settings and diagnostic logs.
- Security data: authentication events, access logs, API activity, error logs, rate-limit events and anti-abuse signals.
- Cookies and similar technologies: small files or identifiers used to keep the site working, understand usage and protect forms from spam.
Information from third parties
We may receive information from third-party services when you or your organisation connects them to Runnit, when you authenticate through supported providers, when integrated workflow tools call back into Runnit, or when service providers help us run the website and product.
4. How we use information
We use personal information to run Runnit and support the people who use it. This includes:
- Providing, maintaining and improving the website and product.
- Creating and managing accounts, organisations, roles, permissions, invites and authentication.
- Running core workflows such as briefs, projects, tasks, schedules, reports, assets, conversations, automations and agent jobs.
- Processing early access requests, sales enquiries and support requests.
- Sending service messages, product updates, onboarding messages and administrative notices.
- Helping secure the product, detect abuse, prevent fraud, debug issues and enforce access controls.
- Understanding website and product usage so we can improve Runnit.
- Complying with legal obligations, resolving disputes and enforcing agreements.
5. AI features and customer content
Runnit includes AI-assisted workflows for things like brief analysis, project and resource planning, agent tasks, image and video generation, asset analysis, semantic search and conversations.
When you use AI features, relevant prompts, instructions, files, project context, brand context, conversation text and outputs may be processed by Runnit and by AI or workflow providers used to deliver that feature. Based on the product documentation, Runnit can use services such as OpenAI for embeddings and model-backed analysis, FAL for image and video generation, n8n for webhook orchestration, and Crawl4AI for web scraping workflows when those features are configured.
We do not treat AI as magic. It is software that processes information. Please do not put sensitive personal information, regulated health data, payment card data, government identifiers or secrets into prompts or files unless your organisation has approved that use and has the right safeguards in place.
Where a customer uses Runnit for its own workspace content, that customer is responsible for deciding what information is added, which users can access it, and whether AI features are suitable for that content.
6. Legal bases for processing
Depending on where you are located, privacy laws may require us to identify a legal basis for processing personal information. We rely on one or more of the following where applicable:
- Contract: to provide Runnit, manage accounts, support users and deliver requested services.
- Legitimate interests: to secure, improve and operate our business, respond to enquiries, prevent abuse and understand product usage.
- Consent: where we ask for consent, such as certain marketing, cookies or optional integrations.
- Legal obligation: where we need to comply with law, tax, accounting, security or regulatory requirements.
- Vital or public interests: where recognised by law and relevant in rare circumstances.
7. How we share information
We do not sell personal information. We may share information in the following ways:
- With your organisation: workspace administrators and authorised users may access information in their Runnit workspace based on permissions and roles.
- With service providers: hosting, storage, database, analytics, email, security, customer support, AI, workflow automation and infrastructure providers that help us run Runnit.
- With integrations: services your organisation chooses to connect to Runnit.
- For legal and safety reasons: where required by law, court order, regulator request, security investigation or to protect rights, safety and property.
- Business transfers: if we are involved in a merger, acquisition, financing, restructure or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.
8. Cookies, analytics and forms
The Runnit website uses Google Analytics to understand website traffic and usage. The site also uses Cloudflare Turnstile to help protect forms from spam and abuse. These services may collect technical information such as IP address, browser details, device details and interaction signals.
You can usually control cookies through your browser settings. If you block some cookies or scripts, parts of the website or product may not work properly. Fair warning, the internet is held together by tiny crumbs.
9. Security
We use technical and organisational measures designed to protect personal information. Runnit is built with authenticated access, organisation-level tenancy, role-based permissions, access controls, API protections, logging and security monitoring. Product documentation also records security testing and remediation work.
No online service can be 100% secure. If you believe you have found a security issue or unauthorised access, contact us as soon as possible via privacy@runnit.io.
10. International transfers
Runnit is operated from Australia, but the services we use may process information in other countries. Those countries may have privacy laws that differ from the laws where you live.
Where required, we use appropriate safeguards for international transfers. These may include contracts, data processing terms, standard contractual clauses, transfer risk assessments or other lawful transfer mechanisms.
11. Data retention
We keep personal information only for as long as reasonably needed for the purposes described in this policy, unless a longer period is required or permitted by law.
Retention periods depend on the type of information, the customer agreement, product settings, legal requirements, security needs and whether the information is part of a customer workspace. For example, account records, audit logs, support records, backups and billing-related records may be kept for different periods.
When information is no longer needed, we delete it, de-identify it or archive it in line with our operational and legal requirements.
12. Your rights and choices
Depending on where you live, you may have rights to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete personal information, where the law allows.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Request a portable copy of certain information.
- Opt out of direct marketing.
- Complain to a privacy regulator.
If your information is held inside a Runnit workspace controlled by one of our customers, we may need to refer your request to that customer or ask them for instructions. That is because they control the workspace content.
13. Australian privacy rights
As an Australian business, we aim to handle personal information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles where they apply. You may contact us to ask about access, correction or a privacy concern.
If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.
14. European and UK privacy rights
If the GDPR, UK GDPR or similar laws apply to you, you may have the rights listed above. You may also have the right to lodge a complaint with your local supervisory authority.
Where Runnit processes customer workspace content for an organisation, Runnit generally acts as processor and the customer acts as controller. Where Runnit collects information for its own purposes, such as website enquiries or analytics, Runnit generally acts as controller.
15. United States privacy rights
Some United States privacy laws, including California privacy laws, may give residents specific rights to know, access, correct, delete or opt out of certain uses of personal information.
Runnit does not sell personal information. We also do not knowingly share personal information for cross-context behavioural advertising as those terms are commonly used under California privacy law. If that changes, we will update this policy and provide required choices.
We will not discriminate against you for exercising privacy rights. That means we will not deny service, charge a different price or provide a different level of service simply because you made a valid privacy request, unless the law allows it.
16. Children
Runnit is designed for business use. It is not intended for children, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, contact us and we will take appropriate steps.
17. Marketing communications
If you request early access, contact us or sign up for updates, we may send you emails about Runnit. You can opt out of marketing emails at any time by using the unsubscribe link where available or by contacting us.
We may still send service or administrative messages, such as security notices, account updates or changes to legal terms.
18. Customer responsibilities
Customers are responsible for using Runnit lawfully. This includes:
- Only adding personal information they are allowed to process.
- Giving required notices to their own users, clients, staff and collaborators.
- Managing user access, permissions and offboarding.
- Choosing whether AI features, integrations and automations are suitable for their data.
- Responding to privacy requests for information held in their workspace, where they control that information.
19. Changes to this policy
We may update this policy from time to time. If we make material changes, we will take reasonable steps to notify affected users, such as posting a notice on the website or in the product.
The date at the top tells you when this policy was last updated.
20. Contact us
For privacy questions, requests or complaints, email: privacy@nulltheory.io
Please include enough detail for us to understand the request. Please do not include passwords, secret keys or highly sensitive information in the contact form.