Privacy Policy
RUNO is a publishing and reading platform for independent authors. This is what we collect from readers and writers, why we collect it, and what you can do about it. No surprises.
1. Information We Collect
Account data. When you register, we collect your name, email, and a hashed password. If you sign in via an OAuth provider (Google, Discord, etc.), we receive your name, email, and avatar URL from that provider.
Usage data. Reading progress, bookmarks, library entries, highlights, comments, upvotes, and interactions with the feed. We use this to personalize what you see and to keep your place across devices.
Technical data. IP address, browser type, device type, and cookies used for authentication and basic analytics.
2. How We Use Your Information
- To provide and maintain the Service
- To personalize recommendations and reading surfaces
- To keep reading progress synced across devices
- To communicate about your account and important changes
- To process Coin purchases, premium unlocks, and tips
- To investigate user reports, prevent fraud and abuse, and enforce our Terms
- To improve the platform based on aggregated usage patterns
- To comply with legal obligations and respond to lawful requests
3. Legal Basis for Processing
If you live in the EU, UK, or another jurisdiction with similar laws, our legal basis for processing your personal data is one of the following, depending on the activity:
- Performance of a contract — to provide you with the Service you requested (account, reading, library, payments).
- Legitimate interests — to keep the platform secure, prevent fraud and abuse, improve the Service, and enforce our Terms. These interests are balanced against your rights.
- Consent — for things like optional notifications or any future use of personal data not covered above. You can withdraw consent at any time.
- Legal obligation — when we're required to process data to comply with the law (tax records, lawful requests from authorities).
5. Third-Party Services
We use a small number of third parties to run the platform. Each has its own privacy policy:
- OAuth providers — Google, Discord, and similar, only if you choose to sign in that way
- Hosting and infrastructure — for serving the site and storing data
- Email delivery — for transactional emails like verification and password resets
- Payment processing — Stripe, Apple In-App Purchase, and Google Play Billing process Coin purchases. RUNO does not store your full payment-card details.
- Analytics — privacy-respecting, aggregated analytics (no third-party advertising trackers).
6. International Data Transfers
RUNO operates across multiple regions. Your personal data may be processed in countries other than the one you live in, including in countries whose data-protection laws differ from yours. Where required by law (for example, transfers out of the EU/UK), we use appropriate safeguards such as Standard Contractual Clauses with our service providers.
8. Data Retention
Account data is retained while your account is active. If you delete your account, personal data is removed within 30 days, except where we're required to keep records for legal, accounting, security, or anti-fraud reasons.
Moderation records. Reports you file, takedown notices, and moderation actions taken against an account (warnings, suspensions, removed content) may be retained beyond account deletion so we can enforce our repeat-infringer policy, defend against disputes, and respond to law-enforcement requests. These records are kept only as long as necessary for those purposes.
Backups. Routine backups may continue to contain your data for a limited window after deletion. Backups are encrypted, access-controlled, and overwritten on the normal rotation cycle.
Content you published may remain visible if you didn't remove it before deletion.
9. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data ("right to be forgotten")
- Receive a portable copy of your data
- Object to or restrict specific processing activities
- Withdraw consent where consent is the legal basis (without affecting prior processing)
- Lodge a complaint with your local data-protection authority
You can exercise most of these rights directly from your profile settings. For anything you can't do from the UI, email [email protected]. We respond to valid requests within a reasonable time, usually under 30 days, and may need to verify your identity first.
10. US Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and CPRA, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" of personal information.
We do not sell or share personal information for cross-context behavioural advertising. We do not knowingly process the personal information of anyone under 16 for that purpose.
To exercise your CCPA rights, email [email protected]. We won't discriminate against you for exercising your rights. You may use an authorised agent to make a request on your behalf, subject to our verification.
11. Security
We use standard industry practices to protect your data — encrypted connections (HTTPS), hashed passwords, restricted internal access, and access logging. No system is perfectly secure, so if we ever discover a breach affecting your personal data we'll notify you and the relevant authorities as required by law.
12. Children's Privacy
The Service is not intended for children under 13 (or the higher age required by your local law). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account, contact us at [email protected] and we will delete the account and any associated data.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be announced on the platform. The "last updated" date at the top of this page always reflects the current version. Continued use of the Service after the update means you accept the revised policy.
14. Contact
Privacy-related inquiries — including data-subject requests, complaints, and questions about this policy: [email protected].