Runer Legal
隐私政策
Last updated: [YYYY-MM-DD]
This Privacy Policy describes how [Your Legal Entity](“Runer”, “we”, “us”, or “our”) collects, uses, and discloses information when you use the Runer website at runerapp.com (the “Site”) and the Runer desktop application (the “App”, collectively the “Service”).
We have tried to keep this policy plain and short. If anything is unclear, email us at hi@runerapp.com.
1. Who We Are
Runer is a foreign-language reading and vocabulary application. The Site is a marketing and waitlist page. The App is a desktop client that runs locally on your computer and stores your library, vocabulary, and reading data on your device.
The data controller is [Your Legal Entity], based in [Country/Region].
2. Information We Collect
2.1 On the Site (runerapp.com)
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address (waitlist) | To notify you when Runer launches | Consent |
| Country code (derived from IP at request time; IP itself is not stored) | Regional statistics | Legitimate interest |
| Anonymous traffic analytics (page views, referrer, device class) via Vercel Web Analytics | Understand site performance | Legitimate interest |
We do not use advertising cookies, third-party trackers, or cross-site identifiers on the Site.
2.2 In the App
The App is local-first. Your books, highlights, notes, and vocabulary are stored on your device only. We do not have access to them.
The App may send a periodic anonymous heartbeat containing:
- A salted SHA-256 hash of a randomly generated device ID (not reversible to your identity)
- App version
- Operating system family (e.g., “macOS”, “Windows”)
- Country code derived from your IP at request time (IP itself is not stored)
The heartbeat helps us count active installations. It does not include your name, email, files, reading history, or any personally identifiable information.
2.3 Information We Do Not Collect
- We do not collect your books, documents, highlights, notes, or vocabulary entries.
- We do not collect your reading history or in-app activity.
- We do not sell or rent any data to third parties.
3. Service Providers
We use the following service providers to operate the Service. These providers process data on our behalf under their own privacy policies.
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Vercel Inc. | Website hosting, Web Analytics, edge network | IP address (at request time), request metadata, anonymous page-view events | United States and global edge locations. Privacy policy |
| Supabase Inc. | Waitlist email storage, heartbeat counter database | Email address, device-hash, country code, timestamps | [AWS region, e.g., AWS us-east-1]. Privacy policy |
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with cross-border data-transfer restrictions, please note that your data may be transferred to and processed in the United States. We rely on the standard contractual clauses and the providers’ compliance programs as the legal mechanism for such transfers.
4. Bring Your Own Key (BYOK) — AI Providers You Configure
Runer follows a Bring Your Own Key (BYOK) model for AI features (translation, sentence analysis, etc.).
This means:
- You sign up directly with the AI provider of your choice and obtain your own API key.
- You enter that API key into the App. The key is stored locally on your deviceand is never transmitted to Runer’s servers.
- When you use an AI feature, the App sends your request (e.g., a sentence to translate) directly from your device to the AI provider you selected, using your key.
- Runer does not receive, see, store, log, or proxy this AI traffic. We have no access to the content of your requests or responses.
Because of this, the AI provider you choose becomes an independent data controller for the data you send them. Their privacy policies, terms of service, and jurisdiction govern that data. We strongly recommend you read the privacy policy of any provider before configuring it.
Providers currently supported
Listed for transparency. Inclusion does not imply endorsement. Availability and applicable laws differ by region — please choose providers appropriate to your jurisdiction and data-sensitivity needs.
Runs locally on your device — no third-party data transfer:
- Ollama — local inference, runs entirely on your machine.
Servers in the United States / international:
- OpenAI — openai.com/policies/privacy-policy
- Anthropic — anthropic.com/legal/privacy
- Google Gemini — policies.google.com/privacy
- z.ai— see provider’s website for current policy
- MiniMax (Global)— see provider’s website for current policy
- OpenRouter — openrouter.ai/privacy
Servers in mainland China:
- DeepSeek — deepseek.com
- MiniMax (China) — minimaxi.com
- Moonshot — moonshot.cn
- Kimi (China) — kimi.com
Some of the above providers store data in mainland China and are subject to Chinese law, including the Personal Information Protection Law (PIPL) and the Cybersecurity Law. If you are located outside mainland China and choose one of these providers, your data may be transferred to and processed in China. Please review the provider’s policy before use.
5. How Long We Keep Your Data
- Waitlist email: until you unsubscribe or until 12 months after launch announcement, whichever is earlier.
- Heartbeat records: aggregated and rotated; individual rows are deleted after 90 days.
- Server logs (Vercel): retained per Vercel’s standard policy (typically 30 days).
6. Your Rights
Depending on where you live (GDPR, UK GDPR, CCPA, PIPL, etc.), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (“right to be forgotten”)
- Object to or restrict processing
- Withdraw consent at any time
- Lodge a complaint with your local data-protection authority
To exercise any of these rights, email hi@runerapp.com. Since the only personal data we hold for most users is a waitlist email, deletion usually takes a single request.
California residents: we do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA.
7. Children
Runer is not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect data from children. If you believe a child has provided us with information, please contact us and we will delete it.
8. Security
We use industry-standard measures: HTTPS everywhere, hashed device identifiers, restricted database access, and least-privilege service credentials. No system is perfectly secure; if you discover a vulnerability, please email hi@runerapp.com responsibly.
9. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced on the Site and, where required, by email. The “Last updated” date at the top reflects the most recent revision.
10. Contact
[Your Legal Entity]
Email: hi@runerapp.com
Jurisdiction: [Country/Region]
For any privacy-related question, please reach out — we read every message.