Privacy Policy
Last updated: April 16, 2026
This Privacy Policy describes how Rune ("we," "us," "our"), operated at https://SecondSelfHQ.com, collects, uses, stores, and protects your information when you use our service ("the Service").
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- Password (stored as a bcrypt hash — we never store plaintext passwords)
- Subscription tier selection
- Organization name (for team accounts)
1.2 Onboarding Information
During onboarding, you answer questions about your work, communication style, and expertise. Your answers are used to generate three personalization documents (Rules, Style, and Reference) that customize the Service to your needs.
1.3 Content You Provide
- Conversations: Messages you send and responses from the Service.
- Uploaded files: Documents, images, spreadsheets, and other files you upload.
- Generated documents: Files the Service creates based on your instructions.
- Templates: Document templates you create or modify.
1.4 Integration Data
If you connect third-party integrations, we access:
- Email: Message metadata and content from connected email accounts (Gmail, Outlook) via Aurinko.
- Calendar: Event details from connected calendars via Aurinko.
- Cloud storage: File metadata and content from Google Drive or OneDrive via their respective APIs.
Integration data is stored locally and indexed for search. We only access what you explicitly connect.
1.5 Usage Data
- Messages sent, tokens consumed, API calls made (for billing and usage tracking)
- Login timestamps and IP addresses (for security and rate limiting)
- Feature usage patterns (for service improvement)
1.6 Payment Information
Payment processing is handled by Stripe. We do not store your credit card number, CVV, or other payment credentials. Stripe's privacy policy governs how they handle your payment information.
2. How We Use Your Information
| Data | Purpose |
|---|
| Account info | Authentication, account management, communication |
| Onboarding answers | Generate personalization documents to customize Service behavior |
| Conversations | Provide contextual responses, conversation history, adaptive learning |
| Uploaded files | Text extraction, vector indexing for search, providing relevant context in conversations |
| Generated documents | Storage, versioning, template creation, re-use via search |
| Integration data | Indexed for search so the Service can reference your email, calendar, and files |
| Usage data | Billing, rate limiting, service monitoring, capacity planning |
| Login data | Security, fraud prevention, rate limiting |
3. AI Processing
The Service uses Anthropic's Claude API to process your messages and generate responses. When you send a message:
- Your message, personalization documents, and relevant context are sent to Anthropic's API.
- Anthropic processes this data to generate a response and returns it to our server.
- Per Anthropic's commercial terms, data sent via the API is not used to train their models.
We also use OpenAI's API to generate vector embeddings of your content for search. Text content is sent to OpenAI for embedding and returned as numerical vectors.
4. Data Storage and Security
- Your data is stored on our servers in a PostgreSQL database and on-disk file storage.
- Vector embeddings are stored in a Qdrant database on the same server.
- Passwords are hashed with bcrypt.
- Sessions use secure, HTTP-only, same-site cookies.
- Sensitive API keys (for BYOK team accounts) are encrypted with PGP symmetric encryption.
- All connections to the Service are encrypted via HTTPS/TLS.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with:
- Anthropic — Message content and context sent to their API for AI processing.
- OpenAI — Text content sent for vector embedding generation.
- Stripe — Email address and subscription tier for payment processing.
- Aurinko — OAuth tokens for email and calendar integration (if you connect these).
- Google/Microsoft — OAuth tokens for cloud storage integration (if you connect these).
All third-party services are used solely to provide the Service's functionality.
6. Team Account Data
If you are part of a team account:
- Your team administrator can view your generated documents, usage statistics, and personalization documents.
- Shared templates created by admins are visible to all team members.
- Your conversation content is not shared with team administrators unless you share generated documents.
7. Data Retention
- Active accounts: All data is retained for the duration of your subscription.
- Cancelled accounts: Data is retained for 30 days after cancellation to allow reactivation, then permanently deleted.
- Deleted accounts: All data (files, conversations, documents, personalization docs, vector embeddings) is permanently deleted immediately upon account deletion.
- Login attempts: Failed login records are purged after 24 hours.
- Password reset tokens: Expire after 1 hour and are purged periodically.
8. Your Rights
You have the right to:
- Access: View all data Rune has stored about you (available in Settings).
- Export: Download all your data — files, conversations, documents, templates, and account info — as a zip file (available in Settings).
- Edit: Update your account information, personalization documents, and generated documents at any time.
- Delete: Permanently delete your account and all associated data at any time (available in Settings).
- Disconnect: Remove third-party integrations at any time, which stops data syncing and removes stored integration data.
9. Cookies
We use a single session cookie to maintain your login state. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
10. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect information from children under 13. The Student tier is designed for students aged 13 and older. Students under 18 should use the Service with parental consent.
11. International Users
Your data may be processed in a jurisdiction different from where you reside. By using the Service, you consent to the transfer and processing of your data in the jurisdiction where the Service is hosted.
12. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email or notice on the Website. The "Last updated" date at the top reflects the most recent revision.
13. Contact
For privacy-related questions, concerns, or data requests, email info@SecondSelfHQ.com or visit our Contact page.