Privacy Policy

1. Who We Are

Runbook ("we", "us", "our") is a UK-based digital product brand providing AI implementation resources for professional services firms. Our website is hosted via Cloudflare and our products are sold through Payhip.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, subscribe to our email list, or purchase our products. We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of data protection law, we are the data controller for the personal data we collect about you.


2. Data We Collect


2.1 Data You Provide Directly

We collect personal data that you provide to us voluntarily, which may include:

  • Your name and email address when you subscribe to our mailing list or download a lead magnet via Kit (formerly ConvertKit)
  • Your name, email address, and billing information when you purchase a product through Payhip
  • Any information you include when contacting us directly by email

2.2 Data Collected Automatically

When you visit our website, certain information may be collected automatically, including:


  • Your IP address and approximate geographic location
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring website or source

Our website is hosted on Cloudflare, which may collect technical data as part of its infrastructure and security services. Please refer to Cloudflare's own privacy policy for details of their data practices.


2.3 Data Collected via Third-Party Platforms

We use the following third-party services, each of which may collect and process personal data independently:


  • Kit (email marketing): collects and stores your email address and engagement data (opens, clicks) when you subscribe to our list
  • Payhip (payments and product delivery): collects your name, email address, and payment details when you make a purchase. Payment card data is processed by Payhip's payment processors and is not stored by us

3. How We Use Your Data

We use your personal data for the following purposes:


  • To process and fulfil your product orders
  • To deliver digital products and send order confirmation emails
  • To send you email newsletters, product updates, and marketing communications, where you have subscribed or consented to receive these
  • To respond to your enquiries and provide customer support
  • To improve our website and product offerings based on usage patterns
  • To comply with our legal obligations

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:


  • Contract: to fulfil our obligations when you purchase a product from us
  • Consent: to send you marketing emails and newsletters. You can withdraw your consent at any time by unsubscribing using the link in any of our emails
  • Legitimate interests: to operate and improve our website and business, where this does not override your rights and interests
  • Legal obligation: where we are required to process data to comply with applicable law

5. Email Marketing

We use Kit to manage our mailing list and send email communications. If you subscribe to our list (including by downloading a free resource), you will receive a welcome email sequence and periodic updates from us.

You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any email, or by contacting us directly. Unsubscribing will remove you from our marketing list; it will not affect any order-related communications.

We do not sell, rent, or share your email address with third parties for their own marketing purposes.


6. Who We Share Your Data With

We do not sell your personal data. We share your data only with the following third-party service providers where necessary to operate our business:


  • Payhip: for payment processing and product delivery
  • Kit: for email list management and marketing communications
  • Cloudflare: for website hosting, performance, and security

Each of these providers acts as a data processor on our behalf and is contractually required to handle your data securely and in accordance with data protection law. We do not transfer your personal data to countries outside the UK or EEA except where adequate safeguards are in place.


7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law:


  • Purchase records are retained for a minimum of six years in accordance with UK tax and accounting requirements
  • Email subscriber data is retained for as long as you remain subscribed to our list. Upon unsubscribing, your data will be removed from active marketing lists within a reasonable timeframe
  • Website analytics data is retained in accordance with the retention policies of the relevant platform

8. Cookies

Our website may use cookies and similar tracking technologies to improve your browsing experience and analyse site traffic. Cookies used by Cloudflare may be set automatically for security and performance purposes.

You can manage or disable cookies through your browser settings, though this may affect your experience of our website. Where we use non-essential cookies, we will seek your consent in accordance with applicable law.


9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:


  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of your data in certain circumstances
  • Right to restriction: to request that we limit how we process your data
  • Right to data portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details below. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.


10. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS via Cloudflare, and we use reputable third-party platforms with their own security standards for payments and email.

No method of transmission over the internet is entirely secure. While we take appropriate precautions, we cannot guarantee absolute security of data transmitted to or from our website.


11. Children's Privacy

Our products and website are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.


12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is shown at the top of this document. We encourage you to review this policy periodically. Continued use of our website following any update constitutes acceptance of the revised policy.


13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us via the details available on our website at therunbook.co.uk.