Privacy Policy

Last updated on Oct 10 2025

1. Introduction

Raraland Inc. ("we," "us," "our") operates Runcraft, a platform that enables users to transform automation workflows into SaaS applications. This Privacy Policy explains how we collect, use, and protect your information.

By using Runcraft, you agree to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email, password)

  • Payment information (processed by third-party payment processors)

  • Applications and workflows you create

  • Customer data that flows through your applications

  • Communications with our support team

2.2 Information Collected Automatically

  • Usage data (IP address, browser type, pages visited, access times)

  • Device information and operating system

  • Cookies and similar tracking technologies for sessions and analytics

  • Application performance metrics and error logs

2.3 Information from Third Parties

  • Payment confirmations from payment processors

  • Authentication data if you use social login

  • Data from third-party services integrated into your workflows

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service

  • Process payments and revenue share distributions

  • Create and manage your account

  • Provide customer support

  • Send administrative updates and service notifications

  • Monitor usage, detect fraud, and prevent abuse

  • Comply with legal obligations

  • Send marketing communications (you can opt out anytime)

4. How We Share Your Information

4.1 We Share With:

  • Service providers: Payment processors, hosting providers, analytics services, email providers

  • Other users: Creators can access their Customers' data as necessary for their applications

  • Legal requirements: When required by law or to protect our rights

  • Business transfers: In case of merger, acquisition, or sale

4.2 We Do NOT:

  • Sell your personal information

  • Share your data for third-party marketing

  • Use Creator workflows or application logic for our own purposes

5. Data Roles and Responsibilities

5.1 When Raraland is a Data Processor

For data processed through Creator applications, Creators are Data Controllers responsible for:

  • Determining what Customer data to collect

  • Providing privacy notices to Customers

  • Ensuring lawful data processing

  • Honoring Customer privacy rights

  • Complying with data protection laws (GDPR, CCPA, etc.)

5.2 When Raraland is a Data Controller

For platform data (your account, payments, usage), we are the Data Controller and handle it according to this policy.

6. Data Security

We protect your information using:

  • Encryption in transit (TLS/SSL) and at rest

  • Access controls and authentication

  • Regular security assessments

  • PCI-DSS compliant payment processors

No system is 100% secure, but we implement industry-standard protections.

7. Data Retention

  • Account data: Retained while your account is active, then as required by law

  • Application data: Controlled by Creators for their applications

  • Platform logs: Typically 90 days to 2 years

  • Financial records: Retained as required by law (typically 7 years)

8. Your Privacy Rights

You have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Delete your data (subject to legal obligations)

  • Export your data in a portable format

  • Restrict or object to certain processing

  • Opt out of marketing communications

California residents (CCPA): You have additional rights including the right to know what data we collect and how it's used. We do not sell personal information.

EU/UK residents (GDPR): You have additional rights including data portability and the right to lodge complaints with your data protection authority.

To exercise your rights, contact us at hey@rara.co

9. International Data Transfers

Your data may be processed in countries outside your residence. We use appropriate safeguards like Standard Contractual Clauses when transferring data internationally.

10. Cookies

We use cookies for:

  • Essential functions: Authentication and sessions (required)

  • Analytics: Understanding usage patterns (optional)

  • Preferences: Remembering your settings (optional)

You can control cookies through your browser settings, though disabling essential cookies may affect functionality.

11. Google API Services and User Data

11.1 How We Use Google User Data

Runcraft's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When Creators integrate Google services into their applications (such as Google Drive, Gmail, Google Calendar, Google Sheets, etc.), we handle Google user data as follows:

Google Cloud Project Options:

Creators have two options for Google API integration:

  • Runcraft's Google Cloud project (default): We manage the OAuth app and Google verification

  • Creator's own Google Cloud project: The Creator configures their own OAuth app and is responsible for obtaining Google verification and compliance, though Runcraft still securely stores and manages the OAuth credentials necessary to execute workflows on behalf of Customers

Access and Use:

  • We store OAuth credentials securely to enable ongoing workflow functionality

  • Google user data flows through Creator workflows to provide the intended application functionality

  • Creators can only see the Customer's email address, not the underlying Google data or credentials

  • We do not use Google user data for any purposes outside of executing the Creator's workflow

Storage:

  • OAuth credentials are stored securely using encryption and access controls

  • Google user data flowing through workflows is processed in real-time and not permanently stored

  • OAuth credentials are retained while the Customer maintains an active subscription and consents to the connection

  • When a Customer revokes access or cancels their subscription, OAuth credentials are deleted within 30 days

Sharing:

  • Google user data is not shared with Creators (beyond email addresses)

  • Google user data may only be transferred to third-party services when:

    • The Creator has explicitly configured that integration in their workflow

    • The Customer has been clearly informed of the third-party integration during the authorization process

    • The transfer is necessary to provide the user-facing features the Customer subscribed to

    • Or when required for security purposes or legal compliance

  • We do not share Google user data with any other parties

  • We do not use Google user data to serve advertising

  • We do not allow humans to read Google user data unless:

    • We have your explicit consent

    • It's necessary for security purposes (e.g., investigating abuse)

    • It's required to comply with applicable law

11.2 In-App Authorization Disclosures

Before a Customer authorizes Google API access for any application:

  • We display clear information about what specific Google data the application will access

  • We explain how that data will be used within the Creator's workflow

  • We disclose any third-party services that will receive Google data as part of the workflow

  • Customers must explicitly consent to these disclosures before authorization proceeds

11.3 Creator Responsibilities for Google Data

Creators who integrate Google services must:

  • Only request access to Google user data that is necessary for their application

  • Provide clear disclosure to their Customers about what Google data is accessed and why

  • Comply with Google API Services User Data Policy and Google APIs Terms of Service

  • Not attempt to access Customer credentials or raw Google user data beyond what the workflow returns

  • Allow Customers to revoke access to their Google data at any time

  • Ensure any third-party integrations in their workflows are clearly disclosed to Customers

Enforcement: We actively monitor and enforce Creator compliance with Google's policies. Creators who violate Google's terms or misuse Google user data will have their applications suspended or removed from the platform.

11.4 Revoking Access

Users can revoke Runcraft's and any Creator application's access to their Google data at any time by visiting their Google Account permissions page.

11. Creator Responsibilities

If you're a Creator, you must:

  • Provide clear privacy notices to your Customers

  • Obtain necessary consents for data collection

  • Honor Customer privacy rights and deletion requests

  • Only collect data necessary for your application

  • Comply with data protection laws (GDPR, CCPA, etc.)

  • Secure Customer data appropriately

  • Inform Customers about third-party integrations

12. Children's Privacy

The Service is not for users under 18. We do not knowingly collect information from children. If we discover we have, we'll delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification. Continued use after changes means you accept the updated policy.

14. Third-Party Links

We're not responsible for privacy practices of third-party websites or services linked from our platform. Review their privacy policies separately.

15. Contact Us

For privacy questions or to exercise your rights:

Raraland Inc.
Email: hey@rara.co

By using Runcraft, you acknowledge that you have read and understood this Privacy Policy.