Privacy Policy

Last updated: 30 May 2026

RunwayCRM ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the RunwayCRM platform at runwaycrm.in.

1Information We Collect

Account information: When you sign up, we collect your name and email address via Google Sign-In. We do not store passwords.

CRM data: Leads, campaigns, templates, forms, notes, and tasks you create are stored securely and accessible only to you and your workspace members.

Gmail OAuth tokens: When you connect your Gmail or Google Workspace account, we store encrypted OAuth tokens. These are used solely to send campaigns you create inside RunwayCRM. We request only the gmail.send scope — we never read, access, scan, or store any emails from your Gmail inbox.

Connected account email: We use the userinfo.email scope to identify which Gmail address you have connected for sending campaigns. We store only the email address, nothing else from your Google profile.

Form submission data: When someone submits one of your RunwayCRM forms, their Google-verified email and form responses are stored in your CRM workspace.

Usage data: We collect basic logs for service operation, debugging, and security monitoring.

2How We Use Your Information

To provide and operate the RunwayCRM platform

To send email campaigns from your connected Gmail account strictly on your explicit instruction

To identify which Gmail account is connected for sending (using the email address only)

To store and display leads, campaigns, forms, tasks and send counts in your dashboard

To authenticate you securely via Google Sign-In

To send transactional notifications such as workspace invitations

To improve our platform and resolve technical issues

To comply with legal obligations under the Digital Personal Data Protection Act 2023

3Gmail API and Google Data — Limited Use Disclosure

RunwayCRM uses the Gmail API with your explicit OAuth consent. Our use of Gmail data is strictly limited to the following:

We use the gmail.send scope exclusively to send email campaigns you create and schedule inside RunwayCRM

We use userinfo.email solely to display which Gmail account you have connected for sending

We do NOT read, scan, index, store, or process any emails in your Gmail inbox

We do NOT access any Gmail data beyond what is required to send your campaigns

We do NOT use Gmail or Google data for advertising or any purpose beyond sending your campaigns

We do NOT share Gmail or Google data with any third parties

You can disconnect your Gmail account at any time from RunwayCRM Settings

Revoking access at myaccount.google.com/permissions immediately removes our access

Every campaign email includes a one-click unsubscribe link in the footer; opting out immediately and permanently stops further campaign emails to that recipient from the relevant workspace, enforced server-side before every send

This unsubscribe mechanism is designed to comply with the requirements of the CAN-SPAM Act (15 U.S.C. § 7704) and the unsubscribe/opt-out provisions of the EU General Data Protection Regulation (GDPR), in addition to India's DPDP Act 2023.

RunwayCRM's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4Google One Tap and Form Identity Verification

RunwayCRM forms use Google One Tap to verify form submitters. When someone submits a form, Google confirms their email address is genuine. We receive only the verified email address and display name. We do not access any other Google account data from form submitters.

This is used solely to ensure RunwayCRM customers receive real, verified leads — not fake or disposable email addresses.

5Data Storage and Security

Your data is stored on secure cloud infrastructure with encryption at rest and in transit. OAuth tokens are encrypted before storage. All data in transit is protected by HTTPS/TLS.

We do not sell your personal data or CRM data to any third party under any circumstances.

6Your Rights (DPDP Act 2023)

Right to access your personal data we hold

Right to correct inaccurate personal data

Right to erase your data — request account deletion at any time

Right to withdraw consent including Gmail OAuth — disconnect at any time from Settings

Right to grievance redressal within 30 days of raising a concern

To exercise any of these rights, email karthikampolu1439@gmail.com. We respond within 30 days.

7Cookies

We use only essential cookies required for authentication and session management. We do not use tracking, advertising, or analytics cookies.

8Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data, CRM data, OAuth tokens, and form data are permanently deleted within 30 days.

9Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on the platform at least 14 days before the change takes effect.

10Contact Us

For any questions about this Privacy Policy or to exercise your data rights:

Product: RunwayCRM
Website: runwaycrm.in