Privacy Policy

1. What we collect

When you use Runway, we collect the information you provide during the assessment — job title, industry, seniority level, task weights, and environment settings. If you create an account, we also store your email address and display name. If you subscribe to updates, we store your email address.

We do not collect or store passwords directly. Authentication is handled by a managed auth service that stores credentials on our behalf.

2. How we use your data

• To compute your AI exposure scores and personalised pathways
• To generate AI-powered analysis of your career risk profile
• To benchmark your role against market data
• To send transactional emails (check-ins, briefings) if you opt in
• To improve the scoring engine and assessment experience

3. Third-party services

We use third-party services to operate Runway. Each handles a specific function:

• Database & authentication — stores your account and assessment data securely
• AI analysis — generates your career risk analysis (your data is not used to train models)
• Payment processing — handles subscriptions (we never see your full card number)
• Error monitoring — detects and fixes bugs (no personal data sent)
• Product analytics — anonymous usage patterns, only with your consent (no session recordings, no personal data)
• Email delivery — sends transactional emails like check-ins and briefings

A full list of sub-processors and their locations is in Section 11 below.

4. Cookies & tracking

Runway uses essential cookies for authentication and theme preferences. We use anonymous product analytics only when you consent. You can change your consent at any time in your settings. We do not run advertising trackers or sell your data.

5. Lawful basis for processing

We process your data under the following lawful bases (GDPR Article 6):

• Consent — for analytics tracking and marketing communications
• Contract performance — to deliver the assessment service you requested and manage your subscription
• Legitimate interest — for error monitoring, AI quality assurance, fraud prevention, and service improvement

6. Cross-border data transfers

Runway is operated from Australia. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States, where our service providers operate. These transfers are protected by:

• Standard Contractual Clauses (SCCs) where required by GDPR
• Service provider compliance with applicable data protection frameworks
• Contractual obligations requiring equivalent data protection standards

7. Data retention

Assessment data is retained for as long as your account exists. If you delete your account, all associated data (profile, assessments, journeys) is permanently removed immediately. Newsletter email addresses are retained until you unsubscribe or request deletion.

8. Your rights (GDPR, CCPA & Australian Privacy Act)

You have the right to:

• Access — request a copy of all data we hold about you
• Rectify — correct inaccurate data via your account settings
• Delete — permanently delete your account and all data
• Portability — export your assessment data
• Object — opt out of analytics tracking at any time via settings

To exercise any of these rights, use your account settings or contact us at the email below.

Australian Privacy Act (APP): If you are located in Australia, you have equivalent rights under the Australian Privacy Principles. Career assessment data may constitute sensitive information under APP. We collect and process this data only with your informed consent when you initiate an assessment.

Automated decision-making (GDPR Article 22): Runway uses automated profiling to generate career intelligence reports. These are informational only and do not produce legal or similarly significant effects. You may request human review of any automated assessment by contacting us.

9. AI-generated outputs

Runway's assessment results are generated using a combination of deterministic scoring algorithms and AI language models. Results are for informational purposes only and do not constitute professional career, legal, or financial advice. Scores reflect task structure and market data — not individual capability or guaranteed outcomes.

10. Security

We use row-level security policies in our database so users can only access their own data. All traffic is encrypted via HTTPS. API endpoints are rate-limited to prevent abuse.

11. Sub-processors

The following third-party services process data on our behalf:

12. Contact

For privacy-related questions or data requests, email us at [email protected].