Privacy Policy

The data controller responsible for processing your personal data is:

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and how we process it. Our guiding principle is data minimisation: we only collect what is strictly necessary to provide our services.

runtiq collects data in two contexts: when you sign up for our waitlist, and through privacy-respecting, cookieless analytics on our website. In both cases, your data remains on EU infrastructure and is never transferred to third parties outside the EU.

When you register for early access to runtiq, we process the following information to manage your waitlist registration.

Data Collected

• Email address — required, used to confirm your signup and send updates
• Name — optional
• Company — optional
• Role — optional
• Tier interest — optional
• Message — optional
• Referral information — automatically captured URL parameters (e.g. campaign source) to help us understand how you found runtiq

Mandatory vs. Optional

Providing your email address is required for waitlist registration — without it, we cannot process your signup. All other fields are optional and have no consequence if left blank.

Legal Basis

Consent — Art. 6(1)(a) GDPR. You provide explicit consent when submitting the signup form.

Double Opt-In Process

After submitting the form, you will receive a confirmation email. Your waitlist registration is only completed once you click the confirmation link in that email. This ensures we only process data for people who genuinely wish to sign up.

Storage & Infrastructure

Waitlist data is stored in our self-hosted email and CRM system, running on EU-based infrastructure. No data is transferred to third-party services or outside the European Union.

How We Use Your Data

To provide a better experience, your waitlist data is processed by our self-hosted marketing platform to send relevant communications based on your indicated tier interest. All automated processing runs on our own EU infrastructure — no data leaves the European Union. You can opt out at any time by unsubscribing or contacting office@runtiq.com.

Retention

Your data is retained until you withdraw your consent or submit a deletion request. You may unsubscribe at any time using the link in any email we send, or by contacting office@runtiq.com.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal (Art. 7(3) GDPR).

Service Launch

When runtiq launches as a commercial service, we will contact you separately with updated information about how your data will be processed, and will obtain any necessary consents before transitioning your data to any new processing purpose.

We use analytics to understand how visitors use our website so we can improve it. We do this in a way that fully respects your privacy.

How We Track

We use a self-hosted, open-source analytics platform running on our own EU infrastructure. No data is sent to any third party.

Our analytics operate in cookieless mode:

• No cookies are set
• No localStorage is used
• No client-side tracking identifiers are stored on your device
• IP addresses are anonymised (last octet masked before storage)

Data Processed

The following technical data is temporarily processed when you visit our website:

• IP address (anonymised before storage — last octet masked)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and timestamp of visit
• Approximate geographic location (country/region, derived from anonymised IP)
• Interest signals — such as which pricing tier you explored, derived from page interactions
• Aggregated usage patterns — to understand which features and content are most useful to visitors

No full IP address is stored. No persistent user identifier is assigned.

Legal Basis

Legitimate interest — Art. 6(1)(f) GDPR. Our legitimate interest is to understand how visitors use our website in order to improve its content and functionality. Given the cookieless and privacy-preserving nature of our analytics (no persistent identifiers, no cross-site tracking, IP anonymisation), this interest does not override your fundamental rights and freedoms. Because no cookies or tracking identifiers are stored on your device, no consent banner is required.

Infrastructure

Analytics data is stored exclusively on our self-hosted EU infrastructure. No data is shared with third parties or transferred outside the EU.

Opt Out

You can opt out of analytics tracking at any time. To do so, enable your browser's "Do Not Track" setting or contact us at office@runtiq.com. Since our analytics are cookieless and do not use persistent identifiers, no data can be linked back to you after your session ends.

The runtiq website is served as static HTML on EU-based infrastructure (data centres in Germany and Finland).

Web server access logs — which may include anonymised IP addresses and standard HTTP request metadata — are retained for 7 days for security and operational purposes, then automatically deleted.

Legal basis: Legitimate interest — Art. 6(1)(f) GDPR. Our legitimate interest is the security, integrity, and operational reliability of our web infrastructure. Access logs are used solely for diagnosing technical issues and detecting security threats.

We are committed to keeping your data within the European Union. Specifically:

• No data is transmitted to services outside the EU
• No US cloud services are used for data processing
• No third-party tracking pixels, advertising networks, or external analytics tools are used
• No data is sold or shared with partners, advertisers, or other third parties

Every system we use — website hosting, analytics, email management, and marketing automation — is self-hosted on infrastructure under European jurisdiction. We do not use any US-based cloud services, SaaS tools, or third-party processors for handling your data.

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access — Art. 15 GDPR: request a copy of the personal data we hold about you
• Right to rectification — Art. 16 GDPR: request correction of inaccurate data
• Right to erasure — Art. 17 GDPR: request deletion of your data ("right to be forgotten")
• Right to restriction of processing — Art. 18 GDPR: request that we limit how we process your data
• Right to data portability — Art. 20 GDPR: receive your data in a structured, machine-readable format
• Right to object — Art. 21 GDPR: object to processing based on legitimate interest
• Right to withdraw consent — Art. 7(3) GDPR: withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, please contact us at office@runtiq.com. We will respond within one month. For complex requests, this period may be extended by a further two months, in which case we will notify you.

Where we process your data on the basis of legitimate interest (Sections 4 and 5), you have the right to object to such processing at any time. We will then cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Austrian data protection supervisory authority:

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or data processing practices. When we make material changes, we will update the "Last updated" date at the top of this page. Where changes affect the legal basis or purpose of processing, we will notify affected data subjects by email and, where required by law, obtain fresh consent before the changes take effect.

We encourage you to review this policy periodically.