Privacy Policy

1. What we collect

When you use Runway, we collect the information you provide during the assessment — job title, industry, seniority level, task responses, weights, and environment settings. If you create an account, we also store your email address and display name. If you subscribe to updates, we store your email address.

Billing data for paid plans (One-Week Pass, Pro): we store your subscription status, plan tier, billing period, and Stripe customer reference. We never see or store your full card number— payment details are entered directly into Stripe's hosted checkout and stored by Stripe, our PCI-compliant payment processor.

We also collect anonymous product analytics (page views, feature usage) only when you accept analytics cookies — see Section 4.

We do not collect or store passwords directly. Authentication is handled by a managed auth service that stores credentials on our behalf.

2. How we use your data

• To compute your AI exposure profile and generate your Brief
• To generate AI-powered analysis grounded in graph evidence
• To benchmark your role against market data in aggregate only (cohorts of 5+ users, never individually identifiable)
• To send transactional emails (Brief updates, check-ins) if you opt in
• To process billing for paid plans via Stripe
• To improve the scoring engine and assessment experience

What we don't do:

• Sell your data to third parties — ever
• Use your task assessment data to train AI models without your explicit consent
• Benchmark you against other users in a way that identifies you individually
• Run advertising trackers or share your data with advertisers

3. Third-party services

We use third-party services to operate Runway. Each handles a specific function:

• Database & authentication — stores your account and assessment data securely
• AI analysis — generates your career risk analysis (your data is not used to train models)
• Payment processing — handles subscriptions (we never see your full card number)
• Error monitoring — detects and fixes bugs (no personal data sent)
• Product analytics — anonymous usage patterns, only with your consent (no session recordings, no personal data)
• Email delivery — sends transactional emails like check-ins and briefings

A full list of sub-processors and their locations is in Section 11 below.

4. Cookies & tracking

Runway uses essential cookies for authentication and theme preferences. We use anonymous product analytics only when you consent. You can change your consent at any time in your settings. We do not run advertising trackers or sell your data.

5. Lawful basis for processing

We process your data under the following lawful bases (GDPR Article 6):

• Consent — for analytics tracking and marketing communications
• Contract performance — to deliver the assessment service you requested and manage your subscription
• Legitimate interest — for error monitoring, AI quality assurance, fraud prevention, and service improvement

6. Cross-border data transfers

Runway is operated from Australia. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States, where our service providers operate. These transfers are protected by:

• Standard Contractual Clauses (SCCs) where required by GDPR
• Service provider compliance with applicable data protection frameworks
• Contractual obligations requiring equivalent data protection standards

7. Data retention

Assessment data is retained for as long as your account exists. If you delete your account, all associated data (profile, assessments, journeys) is permanently removed immediately. Newsletter email addresses are retained until you unsubscribe or request deletion.

We keep a record of your acceptance of these Terms and this Privacy Policy — the version accepted and the date — as evidence of consent. This record is deleted when you delete your account.

8. Your rights (GDPR, CCPA & Australian Privacy Act)

You have the right to:

• Access — request a copy of all data we hold about you
• Rectify — correct inaccurate data via your account settings
• Delete — permanently delete your account and all data
• Portability — export your assessment data
• Object — opt out of analytics tracking at any time via settings

To exercise any of these rights, use your account settings or contact us at the email below.

Australian Privacy Act (APP): If you are located in Australia, you have equivalent rights under the Australian Privacy Principles. Career assessment data may constitute sensitive information under APP. We collect and process this data only with your informed consent when you initiate an assessment.

Automated decision-making (GDPR Article 22): Runway uses automated profiling to generate career intelligence reports. These are informational only and do not produce legal or similarly significant effects. You may request human review of any automated assessment by contacting us.

Withdraw consent: where we rely on your consent, you may withdraw it at any time without affecting processing already carried out.

Complaints: if you believe we have mishandled your data, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or, in the EU/UK, with your local data protection supervisory authority.

9. AI-generated outputs

Runway's assessment results are generated using a combination of deterministic scoring algorithms and AI language models. Results are for informational purposes only and do not constitute professional career, legal, or financial advice. Scores reflect task structure and market data — not individual capability or guaranteed outcomes.

What we send to our AI provider: to generate your analysis we send the relevant assessment inputs (such as your role, task responses, and résumé text you provide) to Anthropic via its API. This data is processed to return your result and is not used to train Anthropic's models; under our API terms it is not retained beyond the limited period needed for abuse monitoring. We do not send your name or email to the AI provider as part of this analysis.

10. Security

We use row-level security policies in our database so users can only access their own data. All traffic is encrypted via HTTPS. API endpoints are rate-limited to prevent abuse.

Data breach notification: if a data breach occurs that is likely to result in serious harm, we will notify affected users and the relevant regulator without undue delay, in line with the Australian Notifiable Data Breaches scheme and GDPR Articles 33–34.

11. Sub-processors

The following third-party services process data on our behalf:

12. Contact

For privacy-related questions or data requests, email us at [email protected].