How we handle data.

This Privacy Policy describes how Corunner ("Corunner", "we", "us") handles information when you use the Corunner web app, the integrations Corunner installs into your tools (Slack, Microsoft Teams, Google Chat, email, and connected systems), and the marketing site you are reading.

Corunner is enterprise software sold to organizations. If you use Corunner as part of an organization, your employer is the data controller and Corunner is the data processor. The Data Processing Agreement between Corunner and your organization governs how your personal data is handled.

From your organization, with consent:

• Workspace identifiers from the systems you connect (Slack, Teams, Chat, email, GitHub, Jira, Notion, CRM, etc.).
• Messages, threads, documents, and metadata necessary to reason about the work read with the actor's permissions, never escalated.
• Organizational memory entries: decisions, owners, terminology, workflow context.
• Per-action audit metadata: what was proposed, who approved, what was acted on.

From you directly:

• Name, work email, role, and company when you book a demo, contact sales, or start a trial.
• Account credentials and SSO identity when you sign into the admin web app.

Automatically:

• Operational telemetry (page views, feature usage, error reports) to operate and improve the service.
• IP address, browser, device, and approximate region for security and abuse prevention.

• To operate Corunner: reason about your work, propose actions, and execute approved actions across your connected tools.
• To maintain organizational memory at your direction.
• To provide audit trails and observability to your administrators.
• To respond to support, sales, security, and legal requests.
• To detect and prevent abuse, fraud, and security threats.
• To improve the service through aggregate, de-identified analytics.

We never use your data to train shared models. This is guaranteed contractually with every model provider on the routing path.

Corunner does not sell your data. We share data only as needed to provide the service:

• Model providers on the routing path, under strict no-training contractual terms.
• Infrastructure providers (cloud hosting, observability) under data processing agreements.
• Connected systems you have explicitly authorized (Slack, Teams, GitHub, etc.).
• Law enforcement, only when legally compelled. We notify your administrators where permitted.

Organizational memory persists for the lifetime of your contract by default. Per-entry and per-employee retention policies are configurable through the admin web app.

Operational telemetry is retained for 13 months. Marketing inquiries are retained for 24 months unless deletion is requested earlier.

On termination, your organization may request full export and purge. Deletes propagate end-to-end within 30 days.

Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise these rights:

• If your organization is the data controller, contact your administrator first.
• If you are an individual customer or visitor, email privacy@corunner.ai.

We respond to verifiable requests within 30 days. EU and UK customers may also lodge a complaint with their local supervisory authority.

We protect personal data with encryption in transit (TLS 1.3) and at rest (AES-256), per-tenant key isolation, least-privilege access controls, and continuous observability. See our security posture for the full architecture.

Today, all storage and inference run in the US region. EU residency is on our near-term roadmap. Where international transfers occur, we rely on Standard Contractual Clauses and equivalent safeguards.

Corunner is enterprise software not directed at children. We do not knowingly collect personal data from individuals under 16.

We may update this policy as the service evolves. Material changes will be announced to administrators and surfaced in the admin web app. The "Last updated" date below is the canonical version.

• Privacy: privacy@corunner.ai
• Security: security@corunner.ai
• General: hello@corunner.ai