Privacy Policy

Last Updated: December 27, 2025

At run91.ai ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-first AI assistant service ("Service"). Please read this policy carefully. By using run91.ai, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Name (if provided)
Password (stored in cryptographically hashed form using industry-standard algorithms)
Timezone preference
Subscription plan and billing information

1.2 Content You Create

We store the content you create through the Service, including:

Tasks and to-do items
Reminders
Memos and notes
Custom skills and workflows
Conversation history with the AI assistant

1.3 Voice Data

Important: We do not store your voice recordings.

Audio is transcribed in real-time by our speech-to-text provider and immediately discarded. Only the resulting text transcription is retained as part of your conversation history.

1.4 Usage Data

We collect anonymized usage data to improve the Service, including:

Features used and frequency of use
Interaction patterns (e.g., voice vs. text input)
Error logs and performance metrics
Session duration and engagement

This data is aggregated and anonymized. We do not record your screen or session activity.

1.5 Technical Information

We automatically collect certain technical information:

Browser type and version
Device type and operating system
IP address
Pages visited and referring URLs

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Process your voice commands, manage your tasks, reminders, and memos, and deliver AI-generated responses
Send Notifications: Deliver reminder alerts via email or in-app notifications based on your preferences
Process Payments: Handle subscription billing and credit usage tracking
Improve the Service: Analyze anonymized usage patterns to enhance features, fix bugs, and optimize performance
Communicate with You: Send important service updates, security alerts, and support messages
Prevent Abuse: Detect and prevent fraud, spam, and violations of our Terms of Service
Comply with Legal Obligations: Meet applicable legal requirements and respond to lawful requests

3. Third-Party Services

To provide our Service, we use trusted third-party providers in the following categories:

3.1 AI Processing

Large Language Model Providers: Your text inputs and conversation context are sent to AI providers to generate responses
Speech-to-Text Services: Your voice audio is transmitted for transcription (audio is not stored after processing)
Text-to-Speech Services: Text responses are converted to audio for voice playback

3.2 Infrastructure & Delivery

Email Delivery: Transactional emails (reminders, notifications) are sent through a third-party email provider
Content Delivery Network: Static assets are served through a CDN for performance
Payment Processing: Subscription payments are handled by a secure payment processor

3.3 Analytics

Product Analytics: We use analytics tools to understand how users interact with the Service. Session recording is disabled; only aggregated, anonymized metrics are collected.
Landing Page Analytics: Basic visitor statistics (page views, traffic sources) are collected on our public pages.

We select reputable providers with strong privacy and security practices. However, we encourage you to review their respective privacy policies for details on how they handle data.

4. Cookies and Tracking

4.1 Essential Cookies

We use cookies strictly for essential functionality:

Session Cookies: Used only for logged-in users to maintain your authenticated session. These are HTTP-only, secure cookies that cannot be accessed by JavaScript.
CSRF Protection: Security tokens to prevent cross-site request forgery attacks.

4.2 Analytics

Our analytics tools may set cookies to:

Distinguish unique visitors
Track page views and feature usage
Measure performance and errors

4.3 What We Don't Do

No third-party advertising cookies
No cross-site tracking
No selling of your data to third parties
No session recording or screen capture

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Encryption

In Transit: All data is encrypted using HTTPS/TLS during transmission
At Rest: Sensitive credentials and tokens are encrypted using strong encryption algorithms
Passwords: Stored using Argon2, a cryptographically secure hashing algorithm designed to resist brute-force attacks

5.2 Access Controls

HTTP-only, secure cookies with SameSite protection prevent session hijacking
CSRF tokens protect against cross-site request forgery
Role-based access controls limit internal access to user data

5.3 Infrastructure

Content Security Policy (CSP) headers prevent XSS attacks
Regular security updates and dependency monitoring
Secure credential management and secrets handling

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

6.1 Active Accounts

Account Data: Retained while your account is active
Content (tasks, memos, etc.): Retained until you delete them or close your account
Conversation History: Retained until you clear it or close your account

6.2 Voice Recordings

Voice audio is processed in real-time and not stored. Only the text transcription is retained.

6.3 Analytics Data

Anonymized, aggregated analytics data may be retained indefinitely for service improvement purposes.

6.4 After Account Deletion

When you delete your account, we will delete your personal data within 30 days, except for:

Data required for legal compliance or legitimate business purposes
Anonymized data that cannot be linked back to you
Billing records required for tax and accounting purposes

7. Your Rights

You have the following rights regarding your personal data:

7.1 Access

You can access your data at any time through the Service. Your tasks, reminders, memos, and account settings are available in your dashboard.

7.2 Export

You can export your data through the Service or by contacting us at [email protected].

7.3 Correction

You can update your account information and content directly through the Service.

7.4 Deletion

You can delete individual items (tasks, memos, etc.) at any time. To delete your entire account and all associated data, contact us at [email protected].

7.5 Opt-Out

You can opt out of non-essential communications by adjusting your notification preferences in your account settings.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify registered users via email for significant changes
Post a notice on the Service

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

By using run91.ai, you acknowledge that you have read and understood this Privacy Policy.