Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect and handle your information.

Last updated: 04/06/2026

AES-128 Encryption

All financial data encrypted at field level

GDPR Compliant

Full control over your personal data

No Data Selling

We never sell or share your data

Privacy First

Analytics data automatically masked

1. Information We Collect

Personal Information

  • Account information (username, email address, name)
  • Authentication data (encrypted passwords, OAuth tokens)
  • Profile information you voluntarily provide

Financial Data

  • Financial planning information (income, expenses, savings goals)
  • Investment and retirement data you enter
  • Currency preferences and scenarios

Usage Data

  • Device information and browser type
  • Pages visited and features used (anonymized)
  • Login times and session duration

2. How We Use Your Information

To Provide and Improve the Service

  • Process and store your financial planning data
  • Generate forecasts, charts, and reports
  • Provide customer support and respond to inquiries
  • Improve and optimize our service based on usage patterns

To Communicate With You

  • Send important service announcements and updates
  • Notify you about changes to our policies or features
  • Send subscription and billing information

3. Data Security

Field-Level Encryption

All sensitive financial data (amounts, interest rates, fees, etc.) is encrypted at the database field level using AES-128-CBC encryption with Fernet. This means your financial data is encrypted before being stored in our database and can only be decrypted when accessed by you through your authenticated session.

HTTPS/TLS Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.3

Secure Authentication

Passwords are hashed using bcrypt with salt. We support OAuth authentication for added security

Database Security

PostgreSQL database with restricted access, regular backups, and security updates

User Isolation

Your data is completely isolated from other users. We enforce strict access controls

4. Data Sharing and Third Parties

We DO NOT sell, trade, or rent your personal information to third parties.

Your financial data remains private and is only accessible to you. We do not share your data with advertisers, data brokers, or other companies for their marketing purposes.

Limited Third-Party Services

We use the following third-party services to operate MyRunway:

  • ExchangeRate-API.com: Provides real-time exchange rates for multi-currency support (no personal data shared)
  • Google Analytics: Anonymized usage analytics with IP masking and no ad personalization (opt-out available)
  • Payment Processors: Secure payment handling (we do not store your credit card information)

5. Your Data Rights (GDPR Compliance)

Under the General Data Protection Regulation (GDPR) and other data protection laws, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Correction

Update or correct inaccurate personal information

Right to Deletion

Request deletion of your account and all associated data

Right to Export

Download your data in a portable format (JSON/CSV)

Right to Object

Object to certain data processing activities

Right to Restrict

Request restriction of data processing

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services.

  • Active accounts: Data retained indefinitely while account is active
  • Deleted accounts: All personal and financial data permanently deleted within 30 days of account deletion
  • Backup retention: Encrypted backups retained for 90 days for disaster recovery, then permanently deleted
  • Legal requirements: Some data may be retained longer if required by law or to resolve disputes

7. Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

8. Children's Privacy

MyRunway is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be communicated via email to registered users at least 30 days before they take effect.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]

Your privacy is important to us. We are committed to protecting your personal and financial data with industry-leading security practices.