LEGAL

Privacy Policy

Last updated: June 15, 2026

1. Controller

The data controller for this service is 11data, reachable at [email protected]. We operate the website runyouragent.com and the RunYourAgent API.

2. What we collect

We collect the minimum data necessary to provide the service.

Data	Purpose	Legal basis (GDPR)
Email address	Account creation, login, transactional email	Contract (Art. 6(1)(b))
Hashed password	Authentication (managed by Supabase Auth)	Contract (Art. 6(1)(b))
Instance metadata	Server provisioning and management	Contract (Art. 6(1)(b))
Server IP, Tailscale hostname	Instance connectivity	Contract (Art. 6(1)(b))
Stripe customer ID	Billing and subscription management	Contract (Art. 6(1)(b))

3. What we do NOT collect

• We do not read, store, or access any data on your provisioned VPS
• We do not store your BYOK encryption keys — they are deleted immediately after LUKS volume setup
• We do not use cookies, analytics, or third-party trackers on this website
• We do not sell, rent, or share your personal data with third parties for marketing
• We do not profile you or make automated decisions about you

4. Your VPS data — privacy by architecture

Every instance runs on a dedicated Hetzner VPS. Your agent's data — conversations, files, memory, configurations — lives exclusively on your server. We have no backdoor, no monitoring agent, and no access to your instance data.

With BYOK (Bring Your Own Key) encryption, the LUKS disk encryption key is provided by you at deploy time, used once to set up the encrypted volume, and immediately deleted from our systems. After that, only you can decrypt the data. If we received a legal request, we could only hand over encrypted noise.

With Tailscale VPN, your server has zero public ports. It is invisible to the internet. Only devices on your Tailscale network can reach it.

5. Third-party processors

Processor	Purpose	Data shared	Location
Supabase	Authentication, user database	Email, hashed password	EU (AWS Frankfurt)
Hetzner	VPS infrastructure	Server metadata	EU (Germany/Finland)
Stripe	Payment processing	Email, payment info	EU/US
Resend	Transactional email	Email address	US

Each processor is bound by their own privacy policies and, where applicable, Data Processing Agreements. A DPA is available upon request.

6. Data retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Instance data: The Hetzner server is destroyed immediately when you delete an instance. No backups are kept.
• Billing data: Retained as required by tax and accounting law (typically 7-10 years for invoices).
• Server logs: API access logs are retained for up to 30 days for security and debugging, then deleted.

7. Your rights under GDPR

If you are in the EU/EEA, you have the following rights under the General Data Protection Regulation:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate personal data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Restriction — restrict processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests
• Complaint — lodge a complaint with a supervisory authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Payments

Payments are processed by Stripe. We never see or store your card number, CVV, or bank details. Stripe's privacy policy applies to payment data.

9. Data deletion

You can delete your instances at any time via the dashboard or CLI (rya delete). The Hetzner server is destroyed immediately and irrecoverably.

To delete your entire account and all associated data, email [email protected].

10. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify registered users by email of material changes. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

Questions about this privacy policy or your data? Email [email protected].