Privacy Policy
Last updated: March 2025
RunIta1 ("we", "us", "our") provides AI automation services to small businesses ("clients"). This policy explains how we collect, use, and protect personal information — both our clients' information and the information of their end customers.
1. What Information We Collect
We collect: • Client business information (name, email, phone, address, business details) • End customer data processed on behalf of clients: phone numbers (callers), email addresses (email senders), names, appointment details, and conversation transcripts/summaries • Usage data: how the platform is used, errors, performance metrics • Payment information (processed by Stripe — we never store raw card numbers)
2. How We Use Information
Client information is used to: • Provide and improve the RunIta1 platform • Send service emails (daily reports, alerts, billing notices) • Comply with legal obligations End customer data is processed solely on behalf of the relevant client to: • Handle calls, emails, and appointment bookings • Generate AI responses and summaries • Send appointment reminders (SMS) We do not aggregate end customer data across clients or use it for advertising.
3. AI Processing
RunIta1 uses the Anthropic Claude API to generate AI responses. Email content, call transcripts, and chat messages may be sent to Anthropic for processing. Anthropic's data handling practices apply to this processing. See anthropic.com/privacy for details. We use Claude via the API — your data is not used to train Anthropic's models.
4. Call Recordings
Calls handled by RunIta1 are recorded for quality assurance. Callers are informed at the start of every call with: "This call may be recorded for quality purposes." Recording URLs are stored in our database and accessible only to the relevant client and RunIta1 administrators. Clients may disable recording in their configuration settings.
5. Data Storage and Security
Data is stored on Supabase (PostgreSQL, hosted on AWS). Sensitive credentials (OAuth tokens, API keys) are encrypted with AES-256-GCM before storage. All data in transit uses TLS/HTTPS. Supabase provides encryption at rest on the underlying storage layer. Database backups are maintained automatically.
6. Data Retention
Call logs, email logs, and appointment records are retained for 12 months from the date of creation, then automatically deleted. Client account data is retained for the duration of the subscription plus 30 days after cancellation. You may request earlier deletion at any time.
7. Your Rights
You have the right to: • Access the personal information we hold about you • Request correction of inaccurate information • Request deletion of your personal information • Withdraw consent for automated communications To exercise any of these rights, contact us at privacy@runita1.com. We will respond within 30 days as required by applicable law.
8. CASL Compliance
All automated commercial electronic messages sent by RunIta1 comply with Canada's Anti-Spam Legislation (CASL). Every automated email includes an unsubscribe option. Every automated SMS includes "Reply STOP to opt out." We log consent for every contact interaction.
9. Third Parties
We use the following third-party services: Supabase (database), Anthropic (AI processing), Bland.ai (voice calls), Twilio (SMS), Resend (email sending), Stripe (payments), Cal.com (scheduling), Upstash (Redis/rate limiting), Vercel (hosting), Sentry (error tracking). We do not sell personal information to any third party.
10. Contact
For privacy questions or requests: privacy@runita1.com For security concerns: security@runita1.com RunIta1, Alberta, Canada