RunwayFBU AI

Legal Disclaimer: This privacy policy is a template and should be reviewed and approved by qualified legal counsel before being used in a production environment. Privacy laws vary by jurisdiction and your specific use case may require additional provisions.

Privacy Policy

Last Updated: February 16, 2026

1. Introduction

Welcome to RunwayFBU AI ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our startup evaluation platform.

By using RunwayFBU AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Account Information: Email address, name, and password (encrypted)
  • Company Information: Company name, role, and organization details
  • Profile Information: Any additional information you choose to provide

2.2 Startup Data

When you use our platform to evaluate startups, we collect:

  • Submitted Information: Startup URLs, company names, descriptions, and metadata
  • Evaluation Data: Custom criteria, scores, ratings, and analysis results
  • Scraped Content: Publicly available information from startup websites
  • Notes and Comments: Any notes, tags, or annotations you add to startups

2.3 Usage Information

We automatically collect certain information about your device and how you interact with our service:

  • Log Data: IP address, browser type, operating system, referral URLs
  • Analytics Data: Pages visited, features used, time spent, click patterns
  • Device Information: Device type, screen resolution, language preferences

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. See Section 8 for more details.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, operate, and maintain our startup evaluation platform
  • Account Management: To create and manage your account, authenticate users
  • AI Analysis: To process startup data and generate evaluation scores using AI
  • Communication: To send you updates, notifications, and respond to inquiries
  • Improvement: To understand usage patterns and improve our service
  • Security: To detect, prevent, and address technical issues and security threats
  • Compliance: To comply with legal obligations and enforce our terms of service
  • Analytics: To analyze platform usage and generate insights for product development

4. Third-Party Services

We use the following third-party service providers to operate our platform. Each provider has their own privacy policy governing the use of your information:

Clerk (Authentication)

Purpose: User authentication, account management, and session handling

Data Shared: Email address, name, password (encrypted), login timestamps

Privacy Policy: clerk.com/privacy

Google Analytics (EU-hosted)

Purpose: Website analytics, user behavior tracking, and performance monitoring

Data Shared: Anonymized usage data, page views, session duration, device information

Region: Data is processed and stored in the European Union

Privacy Policy: policies.google.com/privacy

Railway (Hosting - EU Region)

Purpose: Cloud hosting infrastructure and database hosting

Data Shared: All application data and user content

Region: Servers are located in the European Union

Privacy Policy: railway.app/legal/privacy

OpenAI (AI Processing)

Purpose: AI-powered startup analysis and evaluation

Data Shared: Startup information, evaluation criteria, scraped content (non-PII)

Privacy Policy: openai.com/privacy

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Startup Evaluations: Retained while your account is active or until you delete them
  • Analytics Data: Anonymized data retained for up to 26 months (Google Analytics standard)
  • Backup Data: Retained for up to 30 days in encrypted backups

When we no longer need your information, we will securely delete or anonymize it in accordance with applicable data protection laws.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following data protection rights:

6.1 Right to Access

You have the right to request a copy of the personal information we hold about you. You can export your data directly from your account settings or contact us for assistance.

6.2 Right to Rectification

You have the right to correct any inaccurate or incomplete personal information. You can update most information directly in your account settings.

6.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information. You can delete your account and all associated data from your account settings, or contact us to request deletion.

6.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON/CSV). You can export your data from your account settings.

6.5 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances.

6.6 Right to Object

You have the right to object to our processing of your personal information in certain circumstances.

6.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us using the information provided in Section 11. We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Authentication: Secure authentication via Clerk with multi-factor authentication support
  • Access Controls: Role-based access controls and principle of least privilege
  • Infrastructure: Hosted in secure EU data centers with SOC 2 compliance
  • Backups: Regular encrypted backups with secure retention policies

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Types of Cookies We Use:

  • Essential Cookies: Required for authentication, security, and basic functionality. These cookies are necessary for the service to function.
  • Analytics Cookies: Used by Google Analytics to understand how visitors interact with our service. These cookies collect anonymized data.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our service.

9. International Data Transfers

We primarily process data within the European Union. However, some of our third-party service providers may process data outside the EEA:

  • OpenAI: May process data in the United States under appropriate safeguards
  • Clerk: May process data globally but maintains GDPR compliance measures

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your information.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us. If we discover that a child under 16 has provided us with personal information, we will delete such information immediately.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:

RunwayFBU AI

Email: privacy@runwayfbu.com

General Inquiries: hello@runwayfbu.com

Contact Form: runwayfbu.com/contact

We will respond to your inquiry within 30 days as required by GDPR.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification for significant changes
  • Displaying a prominent notice on our service

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the service after changes are posted constitutes your acceptance of the updated policy.

13. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our service and fulfill our contract with you
  • Legitimate Interests: Processing necessary for our legitimate interests in operating and improving our platform
  • Consent: Processing based on your explicit consent (e.g., for analytics cookies)
  • Legal Obligation: Processing necessary to comply with legal obligations