Rune
Sign in
Back to Rune

Privacy Policy

Your words stay yours.

Last updated: March 18, 2026

The short version: We don't read your books. We don't train on your writing. We don't sell your data. Your stories, characters, worlds, and words belong entirely to you.

What we collect

Rune collects the minimum data needed to give you a working account and a persistent writing experience:

  • Email address -- used for sign-in (one-time passcode, no passwords stored).
  • Display name -- optional, shown in your profile.
  • Theme preference -- light, dark, or system.
  • Usage data -- subscription status and feature usage for service delivery. No content is analyzed.

What we store

Everything you create in Rune lives in a Supabase database protected by row-level security. This includes:

  • Your books, sessions, and conversation transcripts.
  • Your knowledge base -- characters, locations, lore, relationships, timelines.
  • Your workspace files -- brainstorm notes, drafts, manuscript content.
  • Backlog items generated by Sam during your sessions.

All of this data is scoped to your account. No other user can see it. No Rune employee reads it. It exists to serve your writing and nothing else.

What we never do

  • We never train AI models on your content. Your writing is not training data.
  • We never sell, share, or license your data to third parties.
  • We never read your manuscripts, stories, or conversation transcripts.
  • We never use your content for marketing, case studies, or examples without your explicit written consent.
  • We never retain your data after you delete your account.

Third-party services

Rune uses third-party APIs to power voice input and AI conversation. When you use these features, your data passes through:

  • Anthropic (Claude API) -- Your conversation text is sent to Claude for responses. Anthropic does not train on API inputs by default. See Anthropic's usage policy for details.
  • Deepgram -- Your voice audio is sent to Deepgram for transcription. Deepgram processes audio in real-time and does not store recordings.
  • Supabase -- Database hosting and authentication. Data is stored in Supabase-managed PostgreSQL with encryption at rest.
  • Vercel -- Application hosting. No user content is stored on Vercel.

If you self-host Rune, you control which services your data touches. Provide your own API keys and your own infrastructure.

Data deletion

You can delete your account and all associated data from Settings > Account. This permanently removes your profile, all books, sessions, knowledge base entries, workspace files, and backlog items. This action is irreversible.

Self-hosting

Rune is open source (MIT license) and supports Docker self-hosting. When you self-host, your data never touches our servers. You own the database, the infrastructure, and the keys. We encourage self-hosting for anyone who wants maximum control over their creative work.

Changes to this policy

If we change this policy, we'll update the date at the top and note what changed. We won't quietly weaken your protections.

Questions? Reach out at eddie@id8labs.app