Privacy Policy
Last updated: March 11, 2026
1. Data Controller
- Identity: RUNXT
- Tax ID: [PENDING]
- Address: [PENDING]
- Email: [email protected]
- Website: https://runxtai.io
2. Personal Data We Collect
Depending on the user's interaction with our Website, we may collect the following personal data:
| Form | Data Collected | Purpose |
|---|---|---|
| AI Diagnosis | Name, email, phone, company | Generate personalized report and commercial contact |
| Contact Form | Name, email, company, billing, message | Address inquiries and commercial contact |
| Lead Magnet | Name, email | Send content and commercial communications |
| X-Bot Chat | Chat messages | Automated assistance and service improvement |
3. Legal Basis for Processing
The processing of personal data is carried out on the following legal bases, in accordance with Article 6 of Regulation (EU) 2016/679 (GDPR):
- Consent of the data subject (Art. 6.1.a GDPR): for sending commercial communications and processing data through forms.
- Performance of a contract (Art. 6.1.b GDPR): for the provision of contracted services.
- Legitimate interest (Art. 6.1.f GDPR): for the improvement of our services and website security.
4. Data Recipients
Personal data may be communicated to the following third-party data processors, with whom RUNXT has signed the corresponding data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Manus (hosting) | Web and database hosting | USA (SCC in force) |
| Umami Analytics | Web analytics (cookieless, privacy-first) | EU / USA |
| OpenAI | AI processing for diagnostics and chat | USA (SCC in force) |
No international data transfers will be made outside of those indicated, except under legal obligation. Transfers to the USA are covered by the Standard Contractual Clauses (SCC) approved by the European Commission.
5. Retention Period
Personal data will be kept for the time necessary to fulfill the purpose for which it was collected and to determine any possible liabilities that may arise from said purpose and data processing. Specifically:
- Form data: until consent is revoked or deletion is requested.
- Contractual data: during the term of the contractual relationship and the legal statute of limitations (5 years, Art. 1964 CC).
- Diagnostic data: 12 months from its generation, unless the user requests its deletion sooner.
6. Data Subject Rights (ARCO-POL)
In accordance with the GDPR and the LOPD-GDD, the user has the right to:
- Access: know what personal data we process.
- Rectification: request the correction of inaccurate data.
- Erasure: request the deletion of their data when it is no longer necessary.
- Objection: object to the processing of their data.
- Portability: receive their data in a structured, commonly used format.
- Restriction: request the restriction of processing in certain circumstances.
To exercise these rights, the user can send an email to [email protected] indicating the right they wish to exercise and attaching a copy of their ID or equivalent identification document.
Likewise, the user has the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
7. Security Measures
RUNXT has adopted the necessary technical and organizational measures to ensure the security and integrity of personal data, as well as to prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.
8. Modifications
RUNXT reserves the right to modify this Privacy Policy to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, the changes introduced will be announced on this page with reasonable notice before their implementation.
