Privacy Policy

Last updated: February 11, 2025

This Privacy Policy describes how RunThis.page ("we", "us", "our") collects, uses, and protects your personal information when you use our website and service at runthis.page ("Service").

1. Information We Collect

Account information

When you create an account, we collect your email address and a hashed password. We never store your password in plain text.

Payment information

Payment processing is handled entirely by Stripe. We do not store your credit card number, expiration date, or CVC. We receive from Stripe your subscription status, plan tier, and billing period dates. See Stripe's Privacy Policy for details on how they handle your payment data.

Uploaded content

When you upload an HTML file, we store it in Cloudflare R2 object storage. We store metadata about your pages (title, upload date, status, CSP mode) in our database.

Automatically collected information

Our web server and CDN (Cloudflare) automatically log standard request data including IP addresses, browser user agent strings, and request timestamps. These logs are used for security monitoring and abuse prevention and are retained for a limited period.

2. How We Use Your Information

  • To provide the Service — storing and serving your uploaded pages
  • To manage your account and process subscription payments
  • To send transactional emails (account confirmation, billing notices)
  • To enforce our Terms of Service and Acceptable Use Policy
  • To detect and prevent abuse, fraud, and security threats
  • To respond to abuse reports and legal requests

3. Information Sharing

We do not sell your personal information. We share data only in these limited circumstances:

  • Stripe — for payment processing
  • Cloudflare — for CDN delivery and R2 storage of your uploaded pages
  • Fly.io — our application hosting provider
  • Law enforcement — when required by law or to protect our rights

4. Cookies

We use a single session cookie to keep you logged in. This cookie is essential for the Service to function and cannot be opted out of while using authenticated features. We do not use tracking cookies, analytics cookies, or advertising cookies.

5. Data Retention

  • Account data — retained while your account is active, deleted upon request
  • Uploaded pages — retained while your account is active and subscribed. Deleted pages are soft-deleted immediately and permanently removed after 90 days.
  • Server logs — retained for up to 30 days
  • Abuse reports — retained indefinitely for moderation history

6. Data Security

We protect your data using industry-standard measures: passwords are hashed with bcrypt, all connections use HTTPS/TLS, uploaded pages are served from isolated subdomains with Content Security Policy headers, and access to infrastructure is restricted.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data we hold
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Export your uploaded content
  • Object to certain processing of your data

To exercise these rights, email us at [email protected].

8. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. Cloudflare's CDN may cache and serve your uploaded pages from edge locations worldwide.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].