Privacy Policy
Last updated: July 3, 2026
This policy explains how Run-Fi collects, uses, and protects data when providing reconciliation services to business customers.
1. What Data We Collect
Run-Fi collects and processes data in three primary categories:
a. Transaction Data
Financial transaction records submitted by your organisation, including bank transfers, payment processor records, and blockchain transaction data. This data is processed on behalf of your organisation to provide the reconciliation service.
b. Account Information
Information about your organisation and authorised users, including organisation name, contact details, billing information, and user authentication credentials.
c. Usage and System Logs
Technical data about how your organisation uses the platform, including API calls, system events, error logs, and audit trail records. This data is necessary to maintain service quality, security, and regulatory compliance.
2. How We Use Data
Run-Fi uses the data we collect for the following purposes:
- To provide the financial reconciliation service as described in our Terms of Service
- To maintain complete and tamper-evident audit trails required for financial compliance
- To monitor system performance, security, and service availability
- To fulfil our contractual obligations to your organisation
- To comply with legal and regulatory requirements
Run-Fi does not use your transaction data for any purpose beyond providing the service. We do not sell, rent, or share your data with third parties for marketing purposes.
3. Legal Basis for Processing
Run-Fi processes data under multiple legal frameworks depending on your organisation's jurisdiction:
- GDPR (EU): Processing is necessary for the performance of a contract with your organisation
- UK GDPR: Contractual necessity and legitimate interests in providing secure financial services
- POPIA (South Africa): Processing in accordance with contractual obligations and lawful business purposes
- Kenya Data Protection Act 2019: Consent and contractual performance
- CCPA (California): Business purpose processing on behalf of service providers
Detailed lawful processing bases for specific data categories are outlined in our Data Processing Agreement.
4. Data Sharing
Run-Fi shares data only in the following limited circumstances:
a. Sub-Processors
We use a small number of vetted third-party service providers to support platform infrastructure (hosting, storage, compute). A complete list of sub-processors is available in our Data Processing Agreement and provided to customers under NDA.
b. Legal Requirements
We may disclose data when required by law, court order, or regulatory authority, provided we notify your organisation unless legally prohibited from doing so.
c. No Sale of Data
Run-Fi does not sell, rent, or otherwise provide your data to third parties for their commercial purposes.
5. International Data Transfers
Run-Fi operates globally with infrastructure in multiple jurisdictions. Your transaction data may be processed in Kenya, South Africa, the European Union, or other regions depending on your service configuration.
For transfers from the EU or UK to third countries, we implement Standard Contractual Clauses approved by the European Commission. For other jurisdictions, we use equivalent safeguards as required by local data protection laws.
Details on data transfer mechanisms are provided in our Data Processing Agreement.
6. Data Retention
Run-Fi retains data for the following periods:
- Transaction data: For the duration of your contract plus the minimum retention period required by applicable financial regulations (typically 5-7 years)
- Audit logs: Retained for regulatory compliance periods as defined in your commercial agreement
- Account information: Retained for the contract term plus any legal retention requirements
Upon termination, data is deleted in accordance with the schedule outlined in our Terms of Service, unless legal or regulatory obligations require longer retention.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access: Request a copy of the data we hold about your organisation
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of data, subject to legal retention requirements
- Portability: Export your transaction data in a structured, machine-readable format
- Objection: Object to certain types of processing where permitted by law
- Restriction: Request that we limit how we process certain data
To exercise these rights, contact us at info@run-fi.xyz.
We will respond to requests within the timeframes required by applicable law (typically 30 days under GDPR, POPIA, and similar regulations).
9. Security Measures
Run-Fi implements technical and organisational measures to protect your data, including encryption, access controls, audit logging, and regular security assessments.
For detailed information on our security practices, see our Security and Compliance page.
10. Changes to This Policy
Run-Fi may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify active customers of material changes at least 30 days in advance.
The "Last updated" date at the top of this page indicates when this policy was most recently revised.
Questions about this policy? Email info@run-fi.xyz