Privacy Policy
Last Updated · May 13, 2026
RightNow AI, Inc. (the “Company”) is committed to maintaining robust privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.
For purposes of this Agreement, “Site” refers to the Company's website at https://runinfra.ai. “Service” refers to RunInfra, the Company's AI inference pipeline platform accessed via the Site, in which users can build, optimize, and deploy AI model inference pipelines on managed GPUs.
The terms “we,” “us,” and “our” refer to the Company. “You” refers to you, as a user of our Site or our Service. By accessing our Site or our Service, you accept our Privacy Policy and Terms of Service, and you consent to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy.
I. INFORMATION WE COLLECT
We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes anonymous usage data, general demographic information, referring/exit pages, platform types, and preferences. Personal Information includes your email address, name, company name, billing details, IP address, and any other information you provide during registration or while using our services.
1. Information collected via Technology
To activate the Service you do not need to submit any Personal Information other than your email address. We track information provided by your browser or our application when you use the Service, using cookies and similar technologies. We may collect:
- User authentication status
- Site usage patterns and interaction data
- Preferred settings and customization options
- Referring/exit pages and URLs
- Device information, browser type, and operating system
We also collect technical data related to our services:
- Pipeline configurations and model selections
- GPU benchmark results and performance metrics
- API usage logs and request metadata
- Optimization parameters and routing rules
- API keys and credentials (encrypted)
- Error logs and debugging information
This technical data is essential to provide our optimization and hosting services and is treated with the same security as your personal information.
2. Information you provide by registering
To become a subscriber, you will need to create a profile by registering with an email address and password. By registering, you authorize us to collect, store, and use your email address in accordance with this Privacy Policy.
3. Children's Privacy
The Site and Service are not directed to anyone under the age of 13. We do not knowingly collect information from anyone under 13. If you believe we have collected such information, please contact us at privacy@runinfra.ai.
II. HOW WE USE AND SHARE INFORMATION
GDPR Lawful Basis for Processing
- Contract Performance: To provide our inference pipeline and GPU hosting services
- Legitimate Interests: To improve our product, ensure security, prevent fraud
- Consent: For marketing communications and optional features
- Legal Obligation: To comply with tax laws and legal requests
Personal Information:
We do not sell, trade, or rent your Personal Information to third parties for marketing purposes. We share Personal Information with vendors performing services for the Company only at our direction and in accordance with this Privacy Policy.
California “Do Not Sell” / “Do Not Share” notice. Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, we do not sell Personal Information for monetary consideration and we do not share Personal Information for cross-context behavioral advertising. We honor the Global Privacy Control (GPC) signal where your browser sends it. California residents who want affirmative confirmation, or who want to exercise their right to opt out of any future sale or share, can email privacy@runinfra.ai with the subject line “Do Not Sell or Share My Personal Information”. We will honor opt-out requests as soon as feasibly possible and in any case no later than 15 business days from receipt, consistent with CPRA timing requirements. Requests to access, delete, or correct Personal Information are completed within 45 days from receipt of a verifiable request (extendable once by an additional 45 days where reasonably necessary, with notice to you).
We may share Personal Information with outside parties if we have a good-faith belief that access, use, or disclosure is reasonably necessary to meet legal process, enforce our Terms of Service, address fraud or security concerns, or protect the rights, property, or safety of our users.
Non-Personal Information:
We use Non-Personal Information to improve the Service and customize the user experience. We aggregate Non-Personal Information to track trends and analyze usage patterns. We reserve the right to use and disclose such information to partners and third parties at our discretion.
III. HOW WE PROTECT INFORMATION
We implement industry-standard security controls: TLS 1.2+ in transit, AES-256 at rest, role-based access control with hardware-key 2FA for production access, row-level security for tenant isolation, continuous logging and monitoring, dependency and secret scanning on every CI build, and annual third-party penetration testing. The full controls program is documented on the Security page.
Independent attestation. RunInfra is SOC 2 Type II attested. The audit report is available to current customers and qualified prospects under NDA at trust.rightnowai.co or by request to security@runinfra.ai.
Breach notification. In the event of a personal data breach affecting your Personal Information, we will notify you without undue delay, and in any case within 72 hours of becoming aware of the breach. The notification will describe the nature of the breach, the categories and approximate number of records concerned, the likely consequences, and the measures we are taking to contain and remediate. This commitment applies regardless of where you reside and matches the GDPR Article 33 standard.
Your account is protected by your password and, where available, two-factor authentication. We urge you to keep your credentials safe and to log out after each session on shared devices. No method of transmission over the Internet or method of electronic storage is 100% secure, and the controls above mitigate but do not eliminate risk.
IV. YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
You have the right to prevent us from contacting you for marketing purposes at any time. You can opt out by following unsubscribe instructions in promotional emails or by emailing privacy@runinfra.ai. We may continue to send administrative emails regarding your account or service usage.
V. LINKS TO OTHER WEBSITES
We may provide links to third-party websites or applications. We are not responsible for their privacy practices. This Privacy Policy applies solely to information collected by us through the Site and Service.
VI. CHANGES TO OUR PRIVACY POLICY
We reserve the right to change this policy at any time. Significant changes will be notified via email or a prominent notice on the Site and will go into effect 30 days following notification. Non-material changes take effect immediately.
VII. CONTACT US
If you have any questions regarding this Privacy Policy, please contact us at privacy@runinfra.ai.
VIII. DATA SUBJECT RIGHTS (GDPR)
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format (JSON)
- Restrict processing of your data
- Object to processing of your data
- Withdraw consent for marketing
To exercise these rights, email privacy@runinfra.ai. We will respond within 30 days.
Data Deletion
To delete your account and all associated data, email privacy@runinfra.ai with subject line “Account Deletion Request”. We will:
- Confirm your identity
- Permanently delete your account, pipeline configurations, benchmark data, and personal information within 30 days
- Send confirmation once deletion is complete
Exceptions: Billing records are retained for 7 years for tax compliance. Anonymized usage data may be retained for analytics.
IX. THIRD-PARTY SERVICE PROVIDERS (SUBPROCESSORS)
We use the following third-party services to operate our platform:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication | Account data, usage data | US (AWS) |
| Fly.io | Engine API hosting | API requests, pipeline configs, benchmark data | US (IAD) |
| Vercel | Web hosting | Session data, page views | US |
| Modal | GPU compute for model profiling and serving | Model identifiers, inference inputs and outputs during benchmarking | US |
| RunPod | Managed GPU inference endpoints for deployed pipelines | Inference inputs and outputs routed to your deployed model | US / EU (region-selectable) |
| OpenRouter | Unified LLM provider routing for the inference proxy | Prompts and completions routed when you use the unified API endpoint | US |
| Stripe | Payment processing | Billing info, payment methods | US |
| Resend | Outbound transactional email delivery | Email addresses, transactional content | US |
| Google Workspace | Inbound email handling and internal collaboration (support and legal contact addresses) | Inbound emails sent to support@, legal@, privacy@, security@, and other role addresses on the runinfra.ai and rightnowai.co domains | US / EU (Google global) |
| Hugging Face | Model registry | Model selection, download requests | US / EU |
| PostHog | Product analytics | Page views, feature usage, anonymized session data (all form inputs masked) | US / EU |
| Upstash | Rate limiting | Request counts per user (no content data) | US |
These providers access your data only to perform services on our behalf and are contractually obligated to protect your data. For questions about our subprocessors, contact privacy@runinfra.ai.
X. DATA RETENTION
Active Accounts
- Account data: Retained while account is active
- Pipeline configs and benchmark data: Retained while account is active
- Usage analytics: 2 years
- Error logs: 90 days
Deleted Accounts
- All personal data and pipeline configs: Permanently deleted within 30 days
- Anonymized analytics: May be retained indefinitely
- Billing records: 7 years (tax/legal compliance)
Backups
- Automated backups retained for 90 days
- Data in backups permanently deleted after retention period
XI. INTERNATIONAL DATA TRANSFERS
Our services are primarily operated from the United States. The primary database, web tier, and engine API are hosted in US regions. Inference compute provided through RunPod can be region-selected, including EU regions, when the Customer configures a deployed endpoint in those regions; in that case the inference inputs and outputs routed to that endpoint are processed in the selected region while account data, telemetry, and billing remain in the US. If you access our services from outside the United States, your data will be transferred to and processed in the US. We implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) with all vendors
- Encryption in transit and at rest
- SOC 2 Type II compliant infrastructure
For EU users: By using our services, you consent to this transfer. You have rights under GDPR including the right to lodge complaints with your local data protection authority.
Last Updated: May 13, 2026
On this page
Own your AI. We benchmark GPUs, optimize kernels, and deploy open-source models as production APIs.
Start building
