1. What this policy covers
This policy describes how ReqRun collects, uses, stores, and shares personal data for hosted accounts, dashboard usage, API operations, billing, support, and security.
ReqRun is designed to keep operational visibility metadata-first. Normal application logs should not contain raw request payloads, but request content and results may still be processed and stored where needed to execute queued work and provide request status.
2. Data we collect
- Account data such as email address, name, company name, country, password hash, and session records.
- Billing and subscription data such as billing email, plan, invoices, tax details, and payment status.
- Project and API metadata such as project names, API key prefixes, limits, request ids, status, attempts, and timestamps.
- Connected provider credentials, including project OpenAI keys stored in encrypted form.
- Request payloads and results to the extent needed for request processing, retries, wait mode, and status retrieval.
- Security and operational data such as rate-limit windows, audit-like service events, IP-derived abuse signals, and support messages.
3. How we use data
- To create and secure accounts, authenticate sessions, and recover access.
- To queue, execute, retry, and return OpenAI-compatible requests.
- To enforce plan limits, pending queue caps, abuse protections, and billing rules.
- To send transactional emails such as signup verification, password reset, welcome, and usage notices.
- To operate support, resolve incidents, comply with law, and protect the service.
4. Legal bases for EEA, UK, and Swiss users
Where applicable, ReqRun processes personal data on one or more of the following legal bases: performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, and consent where required.
5. How data is shared
ReqRun uses service providers for hosting, billing, email delivery, and upstream request execution. For example, Paddle may process payment data, email providers may deliver transactional mail, and OpenAI receives request data needed to complete the model call you ask ReqRun to run.
ReqRun does not sell personal information and does not share personal information for cross-context behavioral advertising.
6. Retention
Account, billing, and security records are retained as needed to provide the service, comply with legal requirements, resolve disputes, and prevent abuse. Request and attempt records follow plan or product retention windows where those windows apply.
7. International transfers
ReqRun and its providers may process data in countries other than your own. Where required, ReqRun relies on appropriate safeguards for cross-border transfers, such as contractual protections or other legally recognized transfer mechanisms.
8. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain uses of your data, and to withdraw consent where processing depends on consent.
EEA, UK, and Swiss users may also have the right to complain to a supervisory authority. California and other US state privacy laws may give you rights to know, access, correct, delete, or limit certain processing of personal information, as well as the right not to be discriminated against for exercising privacy rights.
To request privacy assistance, contact [email protected].
9. Security
ReqRun uses safeguards appropriate to the hosted product, including hashed API keys, encrypted project provider keys, signed billing webhooks, and cookie-based dashboard sessions outside local development.
No system is perfectly secure, and you are also responsible for protecting your own accounts, keys, and connected provider credentials.
10. Changes
ReqRun may update this policy as the product, infrastructure, or legal obligations change. If a change is material, ReqRun may provide additional notice where appropriate.