RUNSETTERS
Get started

/ LEGAL

Privacy Policy

Last updated: May 26, 2026

1. Who We Are

Runsetters is a managed GitLab runner service. We are the data controller for personal data processed in connection with your account. Payments are processed on our behalf by Paddle as Merchant of Record.

2. Information We Collect

  • Account information: name, email, hashed password.
  • Runner configuration: GitLab URL, runner registration tokens (encrypted at rest), optional SSH public key, optional ECR or registry credentials (encrypted at rest).
  • Billing information: processed entirely by Paddle, our Merchant of Record. We never see or store your card details.
  • Operational metadata: Hetzner server ID, IP address, runner status, timestamps for provisioning and health checks.
  • Web logs: standard server logs (IP, user agent, request path) retained for security and abuse investigation.

3. How We Use Your Information

  • To provision and operate the runner machines you subscribe to.
  • To send transactional emails (provisioning success, runner offline alert, invoice receipts).
  • To detect and prevent abuse (Section 5 of our Terms).
  • To respond to your support requests.

We do not use your data for advertising, profiling, or sale to third parties.

4. Subprocessors

We share data with the following processors strictly to deliver the Service:

  • Hetzner Cloud (Hetzner Online GmbH, Germany) — hosting of runner machines and our application infrastructure.
  • Paddle (Paddle.com Market Limited, UK) — payment processing as Merchant of Record.
  • Email delivery provider (e.g. Resend / Postmark) — transactional email.

5. Data Security

Sensitive credentials (GitLab runner tokens, ECR keys) are encrypted at rest using Laravel's encrypted column casts. Communication with Runsetters and your runner machines is over TLS or SSH. We follow industry-standard practices but cannot guarantee absolute security.

6. Your Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format
  • Object to certain processing
  • Lodge a complaint with your local data protection authority

Send any of these requests to hello@runsetters.com. We respond within 30 days.

7. Data Retention

  • Account and subscription data: retained while your account is active and for up to 7 years after closure for tax and accounting compliance.
  • Runner configuration: deleted when you destroy the runner.
  • Web and audit logs: retained for 90 days unless required for an active security investigation.

8. Cookies

We use only essential cookies (session, CSRF, authentication). We do not use third-party tracking, analytics, or advertising cookies.

9. International Transfers

Runner machines and our application infrastructure are hosted in Hetzner Germany (EU). Paddle processes payments under Standard Contractual Clauses for any data transferred outside the EEA.

10. Changes to This Policy

We may update this policy. Material changes will be announced by email at least 14 days in advance.

11. Contact

For privacy-related questions, contact hello@runsetters.com.