Created: June 9, 2026

Privacy policy

How Runa collects, uses, protects, and shares personal data.

Controller

The controller of personal data is Adam Kamiński Software Solutions, NIP 5291833752, REGON 387965571, Poland, operating the Runa service at runa-tribe.com.

For privacy questions or requests, contact us at contact@runa-tribe.com.

Scope

This policy describes information collected through runa-tribe.com, Runa Space, the Runa mobile app, Runa devices, support channels, and event-related services.

It applies to consumers, event participants, account users, organizers, and business contacts. Separate event agreements may add operational details for B2B customers.

Data we collect

  • Account and profile data, such as email address, name, login provider, account identifiers, and role.
  • Organizer and business data, such as company name, company email, address, city, postal code, country, phone, website, tax identifier, and admin review notes.
  • Device and app data, such as device identifiers, pairing and bonding state, Bluetooth interaction data, firmware version, settings, diagnostics, update reports, and crash or error logs.
  • Location and field data where enabled or required for a feature, such as event map points, participant progress, challenge state, proximity, and gameplay data.
  • Communications and support data, such as messages sent to us, contact details, and issue descriptions.
  • Analytics data, such as page views, product interactions, waitlist events, authentication events, search events, and approximate technical data about browser or device.
  • Payment, delivery, and store data when purchases are enabled, processed through payment, marketplace, app-store, or shipping providers.

How we use data

  • To provide accounts, authentication, pairing, device sync, firmware updates, maps, game progress, and event tools.
  • To process orders, delivery, returns, warranty and statutory conformity requests, and customer support.
  • To operate B2B event contracts, organizer review, access control, fraud prevention, and service security.
  • To improve Runa products, debug errors, measure feature usage, and understand demand.
  • To send service messages, waitlist or launch communications, and legally required notices.
  • To comply with tax, accounting, consumer protection, and other legal obligations.

Legal bases

We process personal data where necessary to perform a contract, take steps before entering a contract, comply with legal obligations, pursue legitimate interests, protect vital or safety interests where relevant, or based on consent where required.

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect earlier lawful processing.

Processors and recipients

We use trusted providers to run the service. Based on the current implementation and launch plan, these may include Supabase for authentication, database, and storage; Vercel for hosting and deployment infrastructure; PostHog for analytics; Resend or another email provider for messages; Apple and Google app stores for mobile distribution; and payment, shipping, accounting, or support providers when those functions are enabled.

We may also share data with public authorities, courts, advisers, or counterparties where required by law or necessary to protect rights.

Storage region and transfers

Runa is intended to use EU regions for hosting and data storage, including Vercel and Supabase EU regions where configured.

If a provider processes data outside the European Economic Area, we use appropriate safeguards where required, such as standard contractual clauses or equivalent transfer mechanisms.

Retention

We keep personal data only as long as needed for the purposes described above, including account operation, support, legal limitation periods, tax and accounting duties, security, and product improvement.

Some technical logs and analytics records may be kept in shorter aggregated or pseudonymous form. Account and event data may be deleted or anonymized when no longer needed.

Your rights

Under GDPR you may have rights to access, rectify, erase, restrict, object to processing, receive a copy of data, and lodge a complaint with a supervisory authority.

In Poland, you may contact the President of the Personal Data Protection Office. You can send requests to contact@runa-tribe.com.

Children and events

Runa may be used in family or organized event contexts. Where children or minors participate, the organizer or guardian must ensure the required consent, supervision, and lawful basis for participation and data use.

Security

We use technical and organizational measures designed to protect personal data. No online or wireless system can be guaranteed completely secure, especially in field environments and Bluetooth-based experiences.