All resources Page

Privacy Policy

Last updated: 7 July 2026

Runnit is built by Null Theory, an Australian owned and operated company. This Privacy Policy explains how we collect, use, share and protect personal information when you visit runnit.io, contact us, request early access, or use the Runnit product.

We have written this in plain English because privacy should not feel like a puzzle box. Some legal bits are still legal bits, but we have kept them as simple as we can.

1. Who this policy applies to

This policy applies to:

When an agency or organisation uses Runnit, that organisation usually controls the personal information it adds to the platform. In that case, Runnit acts as a service provider or processor for that customer. For information we collect directly for our own business, such as website analytics, sales enquiries and account administration, Runnit acts as the controller or business responsible for that information.

2. What Runnit does

Runnit is a multi-tenant creative operations platform for agencies and in-house teams. The product combines project and brief workflows, scheduling, asset management, AI-assisted generation and organisation-level access control in one system.

Because Runnit helps teams manage real work, the platform may process project data, briefs, tasks, schedules, files, assets, conversations, reports, team details and client context that users choose to add.

3. Information we collect

Information you give us

Information collected automatically

Information from third parties

We may receive information from third-party services when you or your organisation connects them to Runnit, when you authenticate through supported providers, when integrated workflow tools call back into Runnit, or when service providers help us run the website and product.

4. How we use information

We use personal information to run Runnit and support the people who use it. This includes:

5. AI features and customer content

Runnit includes AI-assisted workflows for things like brief analysis, project and resource planning, agent tasks, image and video generation, asset analysis, semantic search and conversations.

When you use AI features, relevant prompts, instructions, files, project context, brand context, conversation text and outputs may be processed by Runnit and by AI or workflow providers used to deliver that feature. Based on the product documentation, Runnit can use services such as OpenAI for embeddings and model-backed analysis, FAL for image and video generation, n8n for webhook orchestration, and Crawl4AI for web scraping workflows when those features are configured.

We do not treat AI as magic. It is software that processes information. Please do not put sensitive personal information, regulated health data, payment card data, government identifiers or secrets into prompts or files unless your organisation has approved that use and has the right safeguards in place.

Where a customer uses Runnit for its own workspace content, that customer is responsible for deciding what information is added, which users can access it, and whether AI features are suitable for that content.

6. Legal bases for processing

Depending on where you are located, privacy laws may require us to identify a legal basis for processing personal information. We rely on one or more of the following where applicable:

7. How we share information

We do not sell personal information. We may share information in the following ways:

8. Cookies, analytics and forms

The Runnit website uses Google Analytics to understand website traffic and usage. The site also uses Cloudflare Turnstile to help protect forms from spam and abuse. These services may collect technical information such as IP address, browser details, device details and interaction signals.

You can usually control cookies through your browser settings. If you block some cookies or scripts, parts of the website or product may not work properly. Fair warning, the internet is held together by tiny crumbs.

9. Security

We use technical and organisational measures designed to protect personal information. Runnit is built with authenticated access, organisation-level tenancy, role-based permissions, access controls, API protections, logging and security monitoring. Product documentation also records security testing and remediation work.

No online service can be 100% secure. If you believe you have found a security issue or unauthorised access, contact us as soon as possible via privacy@runnit.io.

10. International transfers

Runnit is operated from Australia, but the services we use may process information in other countries. Those countries may have privacy laws that differ from the laws where you live.

Where required, we use appropriate safeguards for international transfers. These may include contracts, data processing terms, standard contractual clauses, transfer risk assessments or other lawful transfer mechanisms.

11. Data retention

We keep personal information only for as long as reasonably needed for the purposes described in this policy, unless a longer period is required or permitted by law.

Retention periods depend on the type of information, the customer agreement, product settings, legal requirements, security needs and whether the information is part of a customer workspace. For example, account records, audit logs, support records, backups and billing-related records may be kept for different periods.

When information is no longer needed, we delete it, de-identify it or archive it in line with our operational and legal requirements.

12. Your rights and choices

Depending on where you live, you may have rights to:

If your information is held inside a Runnit workspace controlled by one of our customers, we may need to refer your request to that customer or ask them for instructions. That is because they control the workspace content.

13. Australian privacy rights

As an Australian business, we aim to handle personal information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles where they apply. You may contact us to ask about access, correction or a privacy concern.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

14. European and UK privacy rights

If the GDPR, UK GDPR or similar laws apply to you, you may have the rights listed above. You may also have the right to lodge a complaint with your local supervisory authority.

Where Runnit processes customer workspace content for an organisation, Runnit generally acts as processor and the customer acts as controller. Where Runnit collects information for its own purposes, such as website enquiries or analytics, Runnit generally acts as controller.

15. United States privacy rights

Some United States privacy laws, including California privacy laws, may give residents specific rights to know, access, correct, delete or opt out of certain uses of personal information.

Runnit does not sell personal information. We also do not knowingly share personal information for cross-context behavioural advertising as those terms are commonly used under California privacy law. If that changes, we will update this policy and provide required choices.

We will not discriminate against you for exercising privacy rights. That means we will not deny service, charge a different price or provide a different level of service simply because you made a valid privacy request, unless the law allows it.

16. Children

Runnit is designed for business use. It is not intended for children, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, contact us and we will take appropriate steps.

17. Marketing communications

If you request early access, contact us or sign up for updates, we may send you emails about Runnit. You can opt out of marketing emails at any time by using the unsubscribe link where available or by contacting us.

We may still send service or administrative messages, such as security notices, account updates or changes to legal terms.

18. Customer responsibilities

Customers are responsible for using Runnit lawfully. This includes:

19. Changes to this policy

We may update this policy from time to time. If we make material changes, we will take reasonable steps to notify affected users, such as posting a notice on the website or in the product.

The date at the top tells you when this policy was last updated.

20. Contact us

For privacy questions, requests or complaints, email: privacy@nulltheory.io

Please include enough detail for us to understand the request. Please do not include passwords, secret keys or highly sensitive information in the contact form.

Ready when you are

Run your agency on context.

Request early access

Runnit is built with ❤️ by Null Theory, an Australian owned and operated company.