RunShift Logo
RUNSHIFT
🛡️
> PRIVACY_POLICY

Privacy Policy

How we collect, use, and protect your personal information

LAST_UPDATE: NOVEMBER 2025
📜TERMS
🛡️PRIVACY📦FULFILLMENT
🛡️PRIVACY POLICY

Privacy Policy


Effective Date: November 2025


1. Introduction


This Privacy Policy explains what data RunShift collects, how we use it, and your rights. By using RunShift, you agree to this policy.


2. Information We Collect


What you provide:

  • Email address (via Google OAuth or email/password authentication)
  • Display name and profile information
  • Game preferences and difficulty settings
  • Challenge type preferences
  • Payment information (processed by Stripe—we don't store card numbers)

    • What we collect automatically:

  • Usage data (challenges generated, games selected, difficulty choices)
  • Challenge history and completion status
  • Device info (browser type, IP address, general location)
  • Session data and authentication tokens
  • Cookies for login sessions and analytics (via Vercel Analytics)

    • Third-party services that process your data:

  • Stripe: Payment processing and subscription management
  • Supabase: Database, authentication, and storage
  • Google OAuth: Optional sign-in authentication
  • OpenAI: Generates challenge content (temporary processing only)
  • Vercel: Hosting, analytics, and performance monitoring

    • 3. How We Use Your Data


    We use your information to:

  • Provide the service (AI challenge generation, personalized recommendations)
  • Store your generated challenges and preferences
  • Manage the public challenge gallery
  • Process payments and manage subscriptions via Stripe
  • Track daily usage limits for free tier users
  • Send transactional emails (confirmations, billing notices, account deletion warnings)
  • Track usage analytics via Vercel Analytics
  • Improve features and fix bugs
  • Prevent fraud and enforce our Terms
  • Comply with legal requirements

    • We do not sell your data. We do not use your data to train AI models.


    4. Legal Basis (GDPR)


    For EU/UK users, we process data based on:

  • Contract: To provide the service you signed up for
  • Legitimate interests: Service improvement, security, and fraud prevention
  • Consent: Optional analytics (you can opt out)
  • Legal obligations: Compliance with laws (tax records, billing history)

    • 5. Data Sharing


    We do not sell your data. We share data only with:


    Service providers:

  • Supabase: Database (PostgreSQL), authentication, storage
  • OpenAI: Generates challenge content temporarily (data is not stored by OpenAI)
  • Stripe: Payment processing, subscription management, webhook events
  • Vercel: Hosting (Next.js), analytics, performance monitoring
  • Google OAuth: User authentication (optional)

    • These providers are contractually required to protect your data.


    Legal requirements:

    We may disclose data to comply with laws, court orders, or to protect our rights and prevent fraud.


    Business transfers:

    If we're acquired, your data may transfer to the new owner. You'll be notified if this happens.


    6. Data Retention


  • Active accounts: Data stored as long as your account exists
  • Generated challenges: Stored in database while account is active
  • Public gallery challenges: Remain visible until deleted by user
  • After account deletion request:

    • - 48-hour grace period to cancel deletion

    - After 48 hours, all user data is permanently deleted

  • Billing records: Kept for 7 years (legal requirement for tax/accounting)
  • Inactive free accounts: May be deleted after 2 years of inactivity

    • 7. Your Rights


    Everyone:

  • Access, correct, or delete your data (use "Delete Account" in profile settings)
  • Export your data (contact contact@runshift.fun)
  • Cancel subscription anytime (via Stripe Customer Portal)

    • EU/UK users (GDPR):

  • Object to processing
  • Restrict processing
  • Lodge complaints with data protection authorities
  • Data portability (request data export)

    • California users (CCPA):

  • Request details about data collection
  • Delete personal information (via account deletion)
  • Opt out of analytics (browser settings or contact us)

    • To exercise rights: Email contact@runshift.fun or use account deletion feature in profile settings.


    We don't sell your data.


    8. Security


    We protect your data with:

  • Encryption: TLS/SSL in transit, at-rest encryption via Supabase
  • Secure authentication: Supabase Auth with optional Google OAuth
  • Password hashing: bcrypt for email/password accounts
  • Row Level Security (RLS): Database policies ensure users only access their own data
  • Limited access: Minimal employee/admin access to user data

    • Payments are processed by Stripe (PCI DSS Level 1 compliant). We don't store credit card numbers.


    No system is 100% secure. You're responsible for keeping your account credentials safe.


    9. International Transfers


    RunShift operates from the United States. Your data may be transferred to and processed in the US and other countries where our service providers operate (Vercel, Supabase, OpenAI). For EU/UK users, transfers are protected by Standard Contractual Clauses.


    10. Children's Privacy


    RunShift is for users 13+. We don't knowingly collect data from children under 13. If we discover we have, we'll delete it immediately.


    11. AI & Automated Decisions


    We use OpenAI to:

  • Generate unique gameplay challenges based on your preferences
  • Create challenge descriptions and objectives
  • Scale difficulty based on selected level

    • AI-generated challenges are automated suggestions—they may not perfectly match your skill level. We don't use your data to train AI models. Your challenge requests are processed temporarily for generation purposes only.


    Significant decisions (account access, billing, subscription changes) are never made solely by AI.


    12. Cookies


    We use cookies for:

  • Essential: Login sessions, security, authentication state (always active)
  • Analytics: Vercel Analytics for usage stats and performance (you can opt out via browser settings)

    • Disabling essential cookies will prevent service access.


    13. Account Deletion & Data Cleanup


    When you request account deletion from profile settings:

  • 1 Account marked for deletion immediately
  • 2 48-hour grace period begins—you can cancel deletion during this time
  • 3 After 48 hours, all data is permanently deleted:

    • - User profile and authentication credentials

    - All generated challenges and preferences

    - Subscription data

  • 4 Deletion is permanent and cannot be undone
  • 5 Billing records retained for 7 years (legal requirement)

    • 14. Changes to This Policy


    We may update this policy. Material changes will be communicated. Continued use means you accept updates. Check the "Effective Date" to see when it was last updated.


    15. Contact Us


    Email: contact@runshift.fun

    For data requests: Use subject line "Privacy Request" or "Data Deletion Request"

    Response time: Within 30-45 days


    Company: IronWard Industries

    Website: runshift.fun

    Country: United States



    Questions? Email contact@runshift.fun


    SCROLL_TO_READ
    ▲▼

    QUESTIONS ABOUT OUR POLICIES?

    📧contact@runshift.fun
    Buy me a coffee