Legal

Privacy
Policy.

This policy explains what data RunSpace collects, why, and how it is handled. We keep this short and honest — no legal padding, no hidden clauses.

Effective: January 1, 2026 · Jurisdiction: Sweden (EU/GDPR)

1. Who we are

RunSpace is an independently operated communication platform, hosted on Hetzner infrastructure in Germany. It is not a company — it is a single-person project. Contact: admin@runspace.cloud

2. What we collect

RunSpace is designed to collect as little as possible. Here is what we store:

Account key — a UUID v4 generated on your device. No email, no phone number, no name required.

Username — chosen by you at registration. Can be changed.

Messages — direct messages are end-to-end encrypted. The server stores ciphertext only. We cannot read your messages.

IP address — logged temporarily for rate limiting and abuse prevention. Not stored long-term, not tied to your identity.

Device ID — a locally generated identifier used for E2E key sync across your own devices. Stored server-side but not linked to personal identity.

No tracking pixels, no analytics scripts, no advertising identifiers.

3. How we use your data

Data collected is used exclusively to operate the platform:

Delivering messages between users

Authenticating your session

Preventing abuse and enforcing rate limits

We do not sell, rent, or share your data with third parties. There is no advertising model. There is no analytics platform receiving your behavior.

4. Encryption

All direct messages are encrypted end-to-end using RSA-OAEP 2048-bit + AES-256-GCM. Encryption keys are generated client-side and never transmitted to the server in plaintext. This means that even RunSpace cannot read your direct messages.

Group and space messages are encrypted in transit (TLS) but not end-to-end encrypted at this time.

5. Data retention

We keep your data for as long as your account exists. If you delete your account, your messages, profile data, and account key are permanently removed from the database. There are no backup systems that retain deleted user data beyond 30 days.

6. Your rights (GDPR)

As RunSpace operates under Swedish and EU law, you have the following rights:

Right of access — you can request a copy of the data we hold about you.

Right to erasure — you can delete your account and all associated data at any time from the account settings page.

Right to rectification — you can update your username and profile at any time.

Right to object — contact us at admin@runspace.cloud for any data-related request.

7. Third-party services

RunSpace uses the following external services:

Hetzner — infrastructure provider. Servers located in Germany (EU). Subject to Hetzner's data processing agreement.

No other third-party services receive user data.

8. Changes to this policy

If this policy changes in a meaningful way, we will post a notice on the News page before the change takes effect. Continued use of RunSpace after a policy update constitutes acceptance of the new terms.

9. Contact

For any privacy-related questions or requests: admin@runspace.cloud

PrivacyPolicy.