Runeon Privacy Policy

Scope

This Privacy Policy explains how Runeon handles information in the Runeon macOS app, Runeon account and subscription services, optional diagnostics upload, and this website. Runeon is designed around a local-first Steam container: compatibility records are kept on your Mac unless you choose to send a redacted diagnostics report.

Local-first defaults

Runeon stores core app data on your Mac by default, including:

• Steam Baseline runtime and the Runeon-managed Windows Steam container.
• Local Steam library inventory parsed from the Runeon-managed Steam prefix.
• Local run history, compatibility status, and graphics backend plans.
• Local diagnostics packages and pending report drafts until you choose to upload one.

Runeon does not upload compatibility records, does not operate a public compatibility matrix, and does not read, copy, upload, or proxy Steam credentials, Steam tokens, Steam session cookies, chats, friends, purchases, or game saves.

Account and billing information

If you sign in, start a trial, or subscribe, Runeon may process:

• Your email address and authentication provider metadata through Supabase Auth.
• Runeon account identifiers, device binding records, device display names, device hash values, entitlement validation timestamps, and signed entitlement token metadata.
• Stripe customer id, subscription id, plan, trial end, current billing period, cancellation state, subscription status, and billing event metadata.

Stripe processes payment details. Runeon servers do not store card numbers, card security codes, or full payment credentials.

Optional diagnostics reports

Diagnostics upload is optional and off by default. When Runeon detects a strong Steam or game launch failure, the app may prepare a local pending report. Runeon shows a review screen before upload. Nothing is sent until you choose to send that specific report.

A redacted diagnostics report may include:

• Runtime and Steam session snapshots.
• Failure classification and process metadata.
• Redacted Runeon, Steam, Wine, and selected game or launcher log excerpts.
• macOS version, hardware family, Runeon build, and runtime build numbers.

Runeon redacts detected usernames, home folder paths, email addresses, token/session/cookie/password-like fields, Steam account hints, IP addresses, UUIDs, and machine identifiers before upload. The backend scans the submitted package again before accepting it. If sensitive patterns are detected, the upload can be rejected and recorded for audit.

Diagnostics packages are for private support and product diagnostics. They are not automatically converted into public game compatibility claims.

Website and service logs

This simple website does not use Google Analytics or Mixpanel. Cloudflare may process request logs, security events, basic traffic analytics, IP addresses, user agent strings, and abuse-prevention signals to operate and protect the site and API. If Runeon later enables Cloudflare Web Analytics, it will be used for aggregate site measurement and not for cross-site advertising profiles.

Service providers

Runeon currently uses the following service providers for account, billing, hosting, diagnostics storage, email, and sign-in flows:

• Supabase for authentication and account, device, subscription mirror, diagnostics metadata, and audit records.
• Cloudflare Workers, Pages, R2, and related security services for API hosting, website hosting, rate limiting, and redacted diagnostics storage.
• Stripe for checkout, subscription billing, invoices, payment status, and customer portal sessions.
• Resend for Runeon transactional email.
• Apple and Google when you choose those sign-in providers.

Retention

Redacted diagnostics attachments are retained for up to 90 days by default unless you request earlier deletion or a shorter support path applies. Account, device, subscription mirror, audit, and billing metadata are retained only as needed for entitlement, security, abuse prevention, accounting, legal obligations, and support. Some billing records remain in Stripe according to Stripe's own legal, tax, accounting, and fraud-prevention requirements.

Your choices

• You can create local diagnostics packages without uploading them.
• You can cancel a diagnostics report before sending it.
• You can request deletion of account, device, diagnostics metadata, and diagnostics attachments that Runeon controls.
• You can request export of account, subscription mirror, device, diagnostics report metadata, and audit metadata that Runeon can provide.
• You can manage billing and cancellation through the Stripe Customer Portal linked from the app.

Contact

For privacy requests, contact privacy@runeon.app. For product support, contact support@runeon.app.