Privacy Policy

Last updated: April 25, 2026

1. Introduction

The Runtime Company ("we", "us", "our") operates Browser Relay and associated services. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Data

When you create an account, we collect:

  • Email address (used for account identification and communication)
  • Authentication method and credentials (API keys, OAuth tokens)
  • Workspace and team membership information

Usage Data

We automatically collect:

  • Tool call counts and types (for billing and rate limiting)
  • API request metadata (timestamps, endpoints, response codes)
  • Browser session metadata (browser type, extension version, connection status)
  • Audit logs (user actions within workspaces)

Data We Do NOT Collect

Browser Relay is designed with privacy as a core principle. We do not collect, store, or have access to:

  • Page content, DOM snapshots, or screenshots from your browser sessions
  • Your cookies, session tokens, or login credentials for any website
  • Form data, passwords, or personal information entered in browser tabs
  • Browsing history or URLs visited through relay-connected browsers

Tool commands and responses are transmitted through the relay but are not stored or logged by our infrastructure. The relay acts as a pass-through transport layer.

3. How We Use Your Data

We use collected data to:

  • Provide, maintain, and improve the Services
  • Enforce usage limits and calculate billing
  • Generate audit logs for workspace administrators
  • Detect and prevent abuse, fraud, or security incidents
  • Communicate important updates about the Services

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Infrastructure providers: Cloudflare (hosting, CDN, Workers) processes requests as part of service delivery
  • Payment processors: Stripe processes billing information for paid plans
  • Workspace members: Audit logs and usage data are visible to workspace administrators
  • Legal requirements: We may disclose data if required by law or to protect our rights

5. Data Retention

Account data is retained while your account is active. Usage metrics are retained for the current billing period plus 90 days. Audit logs are retained for 1 year. Upon account deletion, we remove your data within 30 days, except where retention is required by law.

6. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • API key hashing (keys are stored as hashed values; raw keys cannot be recovered)
  • OAuth 2.1 with PKCE for authentication flows
  • Connector tokens with configurable expiry for browser pairing
  • Session isolation between multi-agent workloads

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise these rights, contact us at suyashbhawsar@outlook.com.

8. Cookies

The Runtime Company website and Console use minimal cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

The Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Console. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related inquiries, contact us at suyashbhawsar@outlook.com.