Privacy Policy

Last updated: May 20, 2026

RunOctopus ("we," "us," or "our") operates runoctopus.com and app.runoctopus.com. This policy explains how we collect, use, and protect your information.

Information We Collect

Account information: When you create an account, we collect your name, email address, and Google profile information (if you sign in with Google).

Store information: When you use our service, we collect information about your store including your niche, store URL, platform, and content preferences.

Usage data: We collect information about how you interact with our service, including pages visited, tools used, and features accessed. We use Google Analytics (GA4) for this purpose. Google Analytics is not loaded for visitors from the European Economic Area, the United Kingdom, or Switzerland, and is not loaded for any visitor whose browser sends a Global Privacy Control (GPC) signal.

Technical data: We automatically collect certain technical information when you visit our site or use our app, including your IP address, an approximate location derived from your IP (country and, in the United States, state only), device type, operating system, browser type and version, and referring URL. Our hosting provider (Vercel) collects this information to deliver the site and protect against abuse.

Error and crash logs: When our app or website encounters an error, we automatically collect technical information about the error, including the page or feature where it occurred, browser/device details, and (for signed-in users) your user identifier. We use this only to diagnose and fix problems.

Email addresses: When you use our free tools or enter your email on our website, we collect your email address to send you your results and relevant follow-up content.

Payment information: Payment processing is handled by Stripe. We do not store your credit card information on our servers.

We Do Not Sell Your Personal Information

RunOctopus has never sold personal information for money, and we have no plans to start. We also do not share personal information with third parties for cross-context behavioral advertising (sometimes called "targeted advertising" under U.S. state privacy laws). If you are a California resident and want a formal opt-out on the record, see our Do Not Sell My Personal Information page.

How We Use Your Information

• To build and deliver your personalized content engine
• To send you your tool results and content reports
• To send nurture emails about your niche (you can unsubscribe anytime)
• To process payments through Stripe
• To improve our service and develop new features
• To communicate with you about your account
• To monitor and analyze usage patterns via Google Analytics

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database hosted on AWS). We use encryption in transit (HTTPS/TLS) for all data transmission. Access to your data is restricted to authorized personnel only.

Third-Party Services

We use the following third-party services:

• Supabase: Database and authentication
• Stripe: Payment processing
• Resend: Email delivery
• Anthropic (Claude): AI content generation
• Google Analytics: Website analytics
• Vercel: Hosting and deployment

Each of these services has their own privacy policy governing how they handle data.

Email Communications

When you provide your email through our tools or forms, you may receive:

• Your personalized tool results or content report
• A series of educational emails about ecommerce SEO (up to 7 emails over 14 days)
• Product updates and announcements (rare)

Every email includes an unsubscribe link. Once you unsubscribe, we will not send you any further marketing emails. Transactional emails related to your account (receipts, password resets) may still be sent.

Content You Generate

Content generated by Otto for your store belongs to you. When you pay for installation, the content is yours to use, modify, and publish. If you cancel your subscription, content already installed on your store remains yours.

We may use anonymized, aggregated data about content performance to improve our service, but we will never share your specific content, store data, or business information with third parties.

Cookies

We use minimal cookies:

• Authentication cookies: To keep you signed in (Supabase auth)
• Analytics cookies: Google Analytics uses cookies to track site usage
• Session storage: We use browser sessionStorage (not cookies) to maintain state during the content preview flow

Your Rights

Regardless of where you live, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Unsubscribe from marketing emails at any time
• Export your content

To exercise any of these rights, email us at hello@runoctopus.com. We will respond within 30 days, or sooner if required by the law that applies to you.

Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights:

• Right to know what categories and specific pieces of personal information we collect, the sources we collect it from, the purposes we use it for, and the categories of third parties we share it with
• Right to delete personal information we have collected from you, subject to certain exceptions (e.g. we may keep records required to comply with the law)
• Right to correct inaccurate personal information we hold about you
• Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising, but you can submit a formal opt-out at our Do Not Sell My Personal Information page
• Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA, but the right exists
• Right to non-discrimination for exercising any of these rights. We will not deny service, charge a different price, or provide a lower quality of service because you exercised a CCPA right

We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing under CCPA. When your browser sends GPC, we do not load Google Analytics for your session.

To exercise any California right, email hello@runoctopus.com. We will respond within 15 business days for opt-out requests, and within 45 days for access, deletion, and correction requests, as required by California law. You may also designate an authorized agent in writing to act on your behalf.

Categories of personal information we have collected in the past 12 months: identifiers (name, email, IP address, account ID), commercial information (subscription plan, payment history via Stripe), internet activity (pages visited, features used, referring URL), geolocation (approximate, country/state-level only), and inferences drawn from the above (your niche, content preferences).

We do not sell, and have not sold, personal information in the past 12 months. We do not share, and have not shared, personal information for cross-context behavioral advertising in the past 12 months.

Your European Privacy Rights (GDPR / UK GDPR / Swiss FADP)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR), UK GDPR, or Swiss Federal Act on Data Protection (FADP) gives you the following rights:

• Right of access to the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict our processing of your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object to processing based on legitimate interests, including direct marketing
• Right to withdraw consent at any time, where we process data on the basis of consent
• Right to lodge a complaint with your local data protection authority

Legal basis for processing. We process your data on the following bases: (a) contract — to provide the service you signed up for; (b) legitimate interest — to improve our service, secure our systems, and communicate with customers; (c) consent — where you have opted in (e.g. marketing emails you can unsubscribe from at any time); (d) legal obligation — to comply with tax, accounting, and other laws.

International data transfers. Our servers and most of our service providers are in the United States. When we transfer personal data from the EEA/UK/Switzerland to the United States, we rely on Standard Contractual Clauses approved by the European Commission, the UK Information Commissioner's Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable.

Google Analytics is not loaded for visitors from the EEA, UK, or Switzerland. We do this to avoid setting analytics cookies on your device without your consent.

To exercise any of these rights, email hello@runoctopus.com. We will respond within 30 days. There is no fee, and we will not require you to create an account.

Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregated analytics data may be retained indefinitely. Server access logs and crash logs are retained for 90 days. Records we are required to keep by law (e.g. tax records, financial records related to payments) are retained for the period required by that law.

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Shopify App — Additional Disclosures

If you use RunOctopus through the Shopify App Store, the following additional terms apply:

What We Access

When you install our Shopify app, we request access to your store's theme files, blog/article content, collection pages, and product data. We use these permissions solely to install the content engine Otto builds for you. We do not access customer data, order data, or payment information.

How We Use Store Data

• Your store URL and niche are used to generate content tailored to your business
• Your Shopify access token is encrypted at rest and used only to publish content to your store
• We store content we generate (articles, collections, tools) in our database so you can preview and manage it
• We do not sell, share, or transfer your store data to any third party

GDPR Compliance Webhooks

We respond to all mandatory Shopify GDPR webhooks:

• Customer data request: We do not store customer personal data. We acknowledge the request and confirm no data to export.
• Customer data erasure: We do not store customer personal data. We acknowledge the request and confirm no data to delete.
• Shop data erasure: When you uninstall the app, we delete all store-specific data (sessions, content builds, install records) within 48 hours.

Data on Uninstall

When you uninstall the RunOctopus Shopify app, we immediately delete your Shopify session tokens. Content that was installed on your store remains on your store (you own it). Our database records of your generated content are deleted within 48 hours.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy? Email us at hello@runoctopus.com.

RunOctopus
hello@runoctopus.com
runoctopus.com