Privacy Policy.

RunGuard is operated by Robion Systems BV, a private limited liability company incorporated in the Netherlands ("we," "our," or "us"). We are committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

Important: RunGuard is designed for technical incident routing. It is not intended for collecting, processing, or storing personally identifiable information (PII) or sensitive data from your end users.

2.1 Account information

When you authenticate with GitHub, we collect:

• ↳GitHub username and user ID
• ↳Email address associated with your GitHub account
• ↳GitHub profile information (avatar, name)
• ↳Short-lived OAuth tokens (we do not persist user-level OAuth tokens long-term)

2.2 Repository data

When you install the RunGuard GitHub App on a repository, we access:

• ↳Repository name, organization, and public metadata
• ↳Default branch and accessible repository identifiers
• ↳Issue and pull-request links produced by your AI executor (for status tracking only)

We do not clone your repository or read its source code as part of routine operation. The actual fix work runs on your AI executor with the permissions you grant it directly.

2.3 Incident data

When your application sends errors to RunGuard via the SDK, we collect:

• ↳Error signatures and stack traces
• ↳Error classifications (cause category)
• ↳Timestamp and frequency of occurrence
• ↳Minimal request context (file paths, line numbers, function names)
• ↳Runtime environment information (Node.js version, Python version, etc.)

We do not collect: end-user PII, authentication tokens, API keys, passwords, payment information, or sensitive business data. Secrets matching common patterns (GitHub tokens, OpenAI/Anthropic keys, Bearer headers, environment-variable assignments) are redacted at ingest before storage.

2.4 Usage data

We automatically collect:

• ↳Service usage metrics (incidents ingested, packets dispatched)
• ↳Browser and device information
• ↳IP addresses for security and abuse prevention
• ↳Anonymized analytics to improve the Service

We use collected information to:

• ↳Provide and maintain the RunGuard Service
• ↳Classify, group, and deduplicate incoming incidents
• ↳Apply your safety policy and build review-grade crash packets
• ↳Dispatch the incident to the AI executor of your choice — currently GitHub Copilot or Claude Code Action, with more on the roadmap
• ↳Track external Issue and pull-request status by receiving signed webhook events from GitHub
• ↳Communicate with you about the Service
• ↳Detect and prevent fraud, abuse, and security incidents
• ↳Comply with legal obligations

4.1 Data retention

• ↳Per-incident payload (error message, stack trace, request metadata): deleted 90 days after receipt. The row's structural fields (fingerprint, classification, count, first-seen / last-seen timestamps) are kept so the dashboard keeps showing aggregated history.
• ↳Aggregated incident metrics (counts, classifications, fingerprints, timestamps): retained indefinitely for the life of your workspace.
• ↳Crash packets in object storage (the executor handoff bundle): deleted 30 days after creation. The GitHub Issue body holds the human-readable copy.
• ↳Workspace audit log: retained for 2 years.
• ↳Account data, repository metadata: retained while your workspace is open. Disconnecting an individual repository removes its per-repo executor configuration but keeps the aggregated history.
• ↳Closing your workspace erases all of the above. Billing records (subscriptions, invoices) are retained for 7 years as required by Dutch tax law.

4.2 Data security

We implement industry-standard security measures:

• ↳Encryption at rest and in transit
• ↳Secret redaction at ingest before any storage
• ↳Access controls and authentication for all internal systems
• ↳Regular security review and dependency hygiene
• ↳Encrypted backups with secure key management

4.3 Customer-owned execution

RunGuard does not execute fix code itself. The AI executor that produces a fix runs on your account. Available today: GitHub Copilot (via your Copilot seat) and Claude Code Action (via your own GitHub Actions workflow, using an Anthropic API key you store in your repository's Actions secrets). Cursor Background Agent, OpenAI Codex, Cloudflare AI, and a local-agent polling endpoint are on the roadmap. Your AI provider's privacy policy governs that execution; RunGuard never proxies, sees, or stores your AI provider tokens.

5.1 Third-party service providers

We share data with trusted infrastructure providers who help us run the Service:

• ↳Cloud platform providers (e.g. Cloudflare for compute, queues, and object storage)
• ↳Analytics services (anonymized metrics only)
• ↳Payment processors for billing (Stripe)

All such providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 GitHub and your AI executor

We interact with GitHub APIs under the GitHub App installation you authorize: we read repository metadata, file labeled Issues containing the crash packet, and receive webhook events for Issue and pull-request lifecycle so we can update incident status. The chosen AI executor reads the Issue (or, in the future, receives a direct dispatch) and produces its own output on your repository. Each provider's own privacy terms apply to their handling of that data.

5.3 Legal requirements

We may disclose information if required by law:

• ↳In response to a valid subpoena or court order
• ↳To comply with legal processes
• ↳To protect our rights, property, or safety
• ↳To prevent fraud or security threats

5.4 Business transfers

If RunGuard is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

5.5 We do not sell your data

We do not sell, rent, or trade your personal information or repository metadata to third parties for marketing purposes.

6.1 Access and correction

You can review and update your account information through the RunGuard dashboard.

6.2 Data deletion

You can close your workspace directly from Settings. Confirming with your GitHub account login wipes the workspace's Durable Object storage, deletes all crash packets and offloaded event payloads from object storage, drops repository membership in our directory, and schedules your Stripe subscription to cancel at the end of the current billing period. Billing records (subscriptions, invoices) are retained for 7 years as required by Dutch tax law; everything else goes immediately.

If something blocks the in-product flow, email info@runguard.ai and we'll complete the closure within 30 days.

6.3 Disconnect repositories

You can disconnect repositories at any time from the dashboard. Per-repo executor configuration is removed immediately; the aggregated incident history for that repository is kept (and visible in your workspace) until you close the workspace.

6.4 GitHub permissions

You can revoke RunGuard's GitHub App installation at any time through your GitHub account settings. This immediately disables the Service for the affected repositories.

6.5 Marketing communications

You can opt out of marketing emails by clicking the unsubscribe link in any email or updating your preferences in the dashboard.

We use cookies and similar technologies for:

• ↳Authentication and session management
• ↳Preferences and settings
• ↳Anonymized analytics and performance monitoring

You can control cookies through your browser settings.

RunGuard is operated by Robion Systems BV in the Netherlands. Depending on where you and our service providers are located, your information may be transferred to and processed in the European Economic Area, the United States, or any region where our infrastructure providers (e.g. Cloudflare) operate. We implement appropriate safeguards for international transfers where required.

RunGuard is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected such information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when changes were made.

For questions or concerns about this Privacy Policy or our data practices, contact Robion Systems BV at info@runguard.ai.

If you are in the European Economic Area, you have additional rights under GDPR:

• ↳Access: request a copy of your personal data
• ↳Rectification: correct inaccurate data
• ↳Erasure: request deletion of your data
• ↳Restrict processing: limit how we use your data
• ↳Data portability: receive your data in a structured format
• ↳Object: object to certain processing activities

To exercise these rights, contact info@runguard.ai.