Get Access →
Legal

Privacy Policy

Last updated: January 2026 · RUNE Systems LLC

1. Scope

This Privacy Policy describes how RUNE Systems LLC ("RUNE," "we," "us") collects, uses, stores, and discloses information about you when you use rune-systems.com and related services (collectively, the "Service"). By using the Service you agree to this policy.

2. Account & Identity Data (Azure Active Directory)

Authentication is handled through Microsoft Azure Active Directory (Azure AD / Microsoft Entra ID). When you sign in, we receive from Microsoft: your email address, display name, and a persistent user identifier. We store this identifier to associate your session and AI data with your account. Microsoft's own privacy practices govern how Microsoft processes sign-in information; see privacy.microsoft.com.

3. Ember Memory

What we store: Ember builds a persistent model of your interaction patterns, including session turn history, concept weights, relational motifs, and emotional tone derived from your conversations. This data ("Ember Memory") is stored in our Cloudflare Durable Object infrastructure.

Duration: Ember Memory is retained for the lifetime of your account unless you delete it. Session turns older than 48 hours are automatically purged from the live event stream; the derived Ghost state persists until explicitly cleared.

Deletion: You may clear your Ember Memory and Ghost state at any time from Settings → Ember & Ghost → Reset Memory. Full account deletion removes all associated AI data within 30 days.

4. Ghost Harvest

The Ghost layer processes harvested session summaries to evolve a long-term symbolic model of your learning patterns. This model (the "Ghost State") includes concept topology, runic affinities, narrative fragments, and dream archetypes. Ghost State data is used solely to personalize your RUNE experience and is never sold or shared with third parties for advertising purposes.

5. Payment Data (Stripe)

Payment processing is handled by Stripe. RUNE does not store or process your payment card data. When you complete a purchase, you interact directly with Stripe's secure payment form. RUNE receives from Stripe only a customer identifier, subscription status, and the tier of the product purchased. Stripe's privacy practices govern card data; see stripe.com/privacy.

6. Usage & Analytics

We collect standard server-side request logs (IP address, user agent, HTTP method, path, timestamp) for security and performance purposes. Logs are retained for 30 days. We may use aggregate, anonymized analytics to improve the Service; we do not use third-party behavioral ad-tracking SDKs.

7. Cookies & Local Storage

We use session cookies to maintain your authentication state (Azure AD session tokens). No third-party advertising cookies are set by RUNE. You may clear cookies through your browser settings; doing so will sign you out of the Service.

8. BCI / Biometric Data (Future)

RUNE is exploring future integrations with brain–computer interface (BCI) devices. If and when such features are offered, they will require separate explicit informed consent before any biometric or neural signal data is collected. We will update this Privacy Policy accordingly before any BCI features are released.

9. Data Sharing

We share your data only with:

  • Microsoft — identity and authentication (see Section 2);
  • Stripe — payment processing (see Section 5);
  • Cloudflare — infrastructure hosting for backend services and Durable Objects.

We do not sell your personal data to third parties. We do not share AI interaction data for advertising purposes.

10. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data;
  • Object to or restrict certain processing;
  • Data portability (receive a copy of your data in a machine-readable format).

To exercise any of these rights, contact us at [email protected].

11. Children's Privacy

RUNE is not directed to children under 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child under 13 has provided us with personal data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes we will update the "Last updated" date and, where appropriate, notify users by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

Privacy inquiries: [email protected]
General support: [email protected]