
Privacy Policy

Last updated: July 2024

1. The Basics


1.1. Who We Are


1.1.1. Runbooks Inc. offers our clients a platform to manage the operational process of cyber security systems. These services are provided as a virtual appliance on prem or via the cloud. Additionally, we provide an informational website. Our offices are located at 260 Madison Ave, 8th Floor, New York, NY 10016.

1.1.2. If you have questions about our company or your privacy, or want to exercise your rights, you can contact us at

1.1. Our Role: Controller and Processor. Certain data protection laws, including the laws in the EU, differentiate between a party that determines why and how personal data is processed (called a "controller") and a party that processes personal data solely on the controller's behalf and according to the controller's instructions (called a "processor"). We are the controller in respect of some of the processing described in this Privacy Notice. Additionally, in respect of certain personal data, we serve as a processor. Please see the section below on Personal Data We Collect as a Processor for more information.


1.2. Definitions and Recommendations


1.2.1. When we refer to "services", we mean the services that we provide in connection with our platform for managing the operational process of cyber security systems.

1.2.2. When we refer to our “site”, we mean our informational website located at


1.2.3. When we refer to "personal data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.


1.2.4. When we refer to "you", we mean visitors to our site and any customer which utilizes our platform, as well as our customers' employees and/or service providers.


1.2.5. This Privacy Notice is meant to be read together with our Terms of Service (in connection with our site), which you can find at In general, we recommend that you routinely review this privacy notice and your preferences on our site.


1.3. A Note on Legal Bases. Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU's General Data Protection Regulation ("GDPR"), the possible legal bases include (but are not limited to): your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.

2. Personal Data We Collect as a Processor. We process certain personal data about our customers' employees, and/or service providers when we provide services to our customers. In that case, we serve as a processor and the customer serves as a controller. We process that data on behalf of the relevant customer and according to its instructions. If you are an employee or service provider of one of our customers, we may process personal data about you that includes data regarding your interactions with the services. 


2.1. We may also collect services metadata, runtime environments, configuration values, third parties' API key, your IP address, mobile device or computer operating system and browser, screen resolution, page views, clicks-recorded sessions, and geo-location. In addition, we collect any information you provide when you contact us for any reason. You are not required by law to provide us with any of the information described herein, but by using the services you agree to provide us with such information. We may share this data with the relevant customer. To learn more about our processing activities in this capacity or to exercise your privacy rights regarding them, please contact the applicable customer directly.


2.2. Automated Decision-Making/Use of AI. We process certain personal data using artificial intelligence algorithms in order to provide and improve our services and develop new products and services. We process data including system and configuration information, e.g. IP Address, computer operating system, third party software, versions, user login, and/or timestamps with these algorithms.

3.  Personal Data We Collect as a Controller, How We Use It, and Why. Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don't provide us with certain information, we may not be able to provide you with the associated services. We will not share your personal data with third parties without your explicit permission, except as provided hereunder and except when required by law, regulation, subpoena or court order or as otherwise expressly set forth herein. We may use personal data and other information internally – for example, to provide you with goods and services, to help diagnose problems with our servers, and to make our products and services more useful for you and for our other users and customers.


3.1. Site Visitors. When you visit our site or contact us for information (or otherwise), we may collect the following types of data about you.


3.1.1 Contact Form Information/Information when you Contact Us – When you send us a message through the contact form on our site, we collect any data you provide, such as your name, mobile number, company, email, and the content of your message. We also may obtain this information if you contact us in a different way (such as by calling us or reaching out).


How We Use this Data: To respond to your message and to provide you with commercial messages about our products and services, as well as products and services of selected third parties we think may be of interest to you.


Legal Basis: We process this personal data based on the performance of a contract with you. By accepting the Terms of Service (including the terms of this Privacy Policy which are incorporated therein), contacting us, or using the services, you affirmatively consent to receive such messages. Depending on your location, processing your personal data to share commercial messages with you is based on our legitimate interest or on your consent. You will also be given the opportunity to unsubscribe from commercial messages in any such email we send. Please note that we reserve the right to send you service-related communications, including service announcements and administrative messages, relating either to your account or to your transactions through the services, without offering you the opportunity to opt out of receiving them unless you cancel your account.


3.1.2. Activity and System Data (Cookies) – When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, browsing history (e.g. the other sites you've visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below.


How We Use this Data: We mainly use this data to generate aggregated and/or anonymized analytics data about the use of our site so we can maintain and improve the site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our site. Some cookies may be used to provide you with advertising for our products and services or those of third parties, based on your preferences and interests. Statistical information does not indicate individuals’ identities, and we will not link statistical information to any personal data. We do note that we will store statistical information in conjunction with user IDs that we create specifically for these purposes. We may share statistical information with our partners, pursuant to commercial terms that we determine in our sole discretion. In addition, we may provide any information to third parties, so long as we have removed any information that identifies any particular individual or user, such as a name, address or contact information.  One of the tools we use to collect and analyze data is "Google Analytics". For more information about how Google collects information and how you can control such use, see:


Legal Basis: We process this personal data based on our legitimate interests to develop and improve our products and services, and to prevent fraud. When we collect your activity data to advertise to you, we do so on the basis of our legitimate interest to market our own products and services. We will only use your personal data for marketing third parties' products and services if you have given your consent. You may withdraw your consent at any time by contacting us at We will process your request as soon as reasonably possible; however, it may take a few days for us to update our records before any opt out is effective. Additional information regarding Our Marketing Activities is provided below.


3.2. Job Applicants – If you apply for a job with us, we collect the information you provide as part of your application and during the course of the application process. This may include your name, contact details, resume, recommendations, and any other information we may request or that you choose to share with us.


How We Use this Data: We use this data to process your job application, including using your contact details to contact you for scheduling purposes and to provide you with updates. We also use this data to manage our recruitment campaigns, as well as to analyze their results and improve future campaigns.


Legal Basis: We process your application data based on our legitimate interest to attract and assess candidates for employment.


3.3. Event Participants – From time to time, we hold special events in which we may invite you to participate. If you receive an invitation, we may collect the following personal data from you:


3.3.1 Registration Data – When you register for and participate in an event, we collect your name, contact details, and any other information we may request (such as your IT environment).


How we use this data: We use this data for logistical purposes, such as to help us plan the event, as well as to contact you with reminders and updates about the event and to ask for your feedback regarding the event so that we may improve future events or our services. We may conduct surveys as well. If you consent, we may also send you marketing information about future events and other updates.


Legal Basis: When we process this personal data in the course of planning for and running the event, we do so in order to perform a contract with you. When we process this personal data to improve our events and services, we do so based on our legitimate interest to grow and improve our business and services. When we process this personal data to send you marketing information, we do so based on your consent. You may withdraw your consent at any time by contacting us at


3.3.2. Event Pictures – We may hire photographers to cover certain events. Event participants may be photographed directly or may appear in the background of event photos.


How we use this data: We may post event pictures, including on social media, to notify or update the public that the event took place. We may tag individuals in specific photos. We may also use the photos in other marketing materials.


Legal Basis: When we collect event pictures, we do so on the basis of our legitimate interest to market future events and our services.

4. Our Marketing Activities. As described above, we may use personal data we collect for advertising and marketing purposes. We try to limit the marketing material we send to a reasonable and proportionate level. Below we describe how you can control the marketing material you receive from us.


4.1. Email or Other Marketing and Services Communications


4.1.1. We use your contact details to send you commercial messages via SMS and/or email about our products and services, including by means of newsletters. Depending on your location, this use may be based on our legitimate interest or on your consent. If based on your consent, you may withdraw your consent at any time by emailing us at If you consent, we may also send you marketing material of third parties. You can withdraw your consent at any time by contacting us at


4.1.2. You can stop the delivery of all marketing emails by following the "unsubscribe" link in any messages we send you. Alternatively, you can contact us at to request to unsubscribe.

5. Sharing the Personal Data We Collect. We share your personal data as follows:


5.1. Affiliates. We share your personal data with our affiliated companies, such as Runbooks Ltd., where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our users.


5.2. Customers. If you use our services in connection with a company that is our customer, that customer may have access to information about your use of our services. For example, a user with an administrator account may be able to see your data. For the avoidance of doubt, we do not share mobile phone numbers with our affiliated companies without obtaining your prior consent.


5.3. Service Providers. We use various types of service providers (such as CRM platforms and website hosting) to help us provide our services. All service providers have agreed to confidentiality restrictions and have undertaken to use your personal data solely as we direct.


5.4. Change of Ownership. If we are looking to sell our company, liquidate assets, or merge with another, we may share your personal data with other interested parties as part of negotiations toward that transaction or after such transaction. In such case, or where we do sell our company, your personal data shall continue to be subject to the provisions of this Privacy Notice. Information about our users, including personal data, may be disclosed as part of, or during negotiations of, any merger, sale of company assets, spinoff or acquisition and shall continue being subject to the provisions of this Privacy Policy. By providing such information, you expressly consent to such transfer and use, including transfers outside of the country of your residence.


5.5. Law Enforcement Related Disclosure. We may share your personal data with government agencies or other relevant parties, such as a law office or independent auditor: (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms of Service and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.

6. International Transfers.  Some of our service providers and affiliates are located in countries other than your own. When we transfer your personal data internationally, we will do so safely and securely and in accordance with applicable law.


6.1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area ("EEA"), we will ensure that they sign agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards:


6.1.1. When we transfer your personal data to Israel or the UK, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection.


6.1.2. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.


6.1.3. Please contact us at if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7. Security. The security of your personal data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. We will implement reasonable security measures appropriate to the nature of the user data including, without limitation, technical, physical, administrative, and organizational controls, and will maintain the confidentiality, security and integrity of such user data. The measures we take include:


7.1. Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections. We encrypt data in transit using secure protocols.


7.2. Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination.


7.3. Internal Policies. We maintain and regularly review and update our privacy-related and information security policies.


7.4. Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.


7.5. Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

8. Your Rights - How to Control Our Use of Your Personal Data. Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at If you want to exercise your rights regarding your personal data held by other controllers you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request.


8.1. Right of Access. You may have a right to know what personal data we collect about you. We may charge you a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to the GDPR.


8.2. Right to Correct Personal Data. You may request that we update, complete, correct or delete inaccurate, incomplete, or outdated personal data. See Article 16 of the GDPR for more details, if your personal data is subject to the GDPR.


8.3. Deletion of Personal Data ("Right to Be Forgotten"). If you are located in the EU, you may have the right to request that we delete your personal data, subject to our rights of retention under applicable law. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your personal data is subject to the GDPR.


8.4. Right to Restrict Processing. If you are located in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details, if your personal data is subject to the GDPR.


8.5. Right to Data Portability. If you are located in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to the GDPR.


8.6. Right to Object. If you are located in the EU, you may have the right to object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to the GDPR.


8.7. Withdrawal of Consent. If we are processing your data based on your consent, you are always free to withdraw your consent; however, this won't affect processing we did before you withdrew your consent.


8.8. Right to Lodge a Complaint with Your Local Data Protection Authority. If you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.


9. Data Retention.


9.1. We retain your information for as long as your account is active or as needed to provide you with services. If you wish to cancel your account or request that we no longer use your information to provide you with services, please contact us at the e-mail address listed above.


9.2. When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business's retention policy.


9.3. In some circumstances, we may store your personal data even after we're finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.


9.4. Please contact us at if you would like details about the retention periods for each type of personal data we process.

10. Cookies and Similar Technologies.


10.1. What are Cookies? A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it's you (really, your device) that's visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity's sake we'll refer to them all as "cookies".


10.2. Websites can place their own cookies (called "first-party cookies") but can also place cookies from other sites (called "third-party cookies"). If your browser holds both first and third-party cookies for a given website, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our site / service.


10.3. How We Use Cookies. While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below.


10.4. Third Party Cookies. In addition to our first-party cookies, we may place cookies from the following third parties:

a. Wix

b. Hubspot

c. Google Analytics


10.5. How to Adjust Your Preferences. Most web browsers are initially configured to accept cookies, but you can change your settings so your browser refuses all cookies or certain types of cookies. In addition, you are free to delete any existing cookies at any time. Please note that some features of the services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.


10.6. By changing your device settings, you can prevent your device's ad identifier being used for interest-based advertising, or you can reset your device's ad identifier. This means that you won't be shown ads that relate to your browsing activities. Typically, you can find the ad identifier settings under "privacy" or "ads" in your device's settings, although settings may vary from device to device. Adjusting your preferences does not mean you will no longer receive ads; it only means the ads that you do see may be less relevant to your interests.


11. Third-Party Services.

In addition, the site/service may link to or use websites or services belonging to third parties. We have no control over third-party sites or services, and all use of third-party sites or services is at your own risk. We cannot accept responsibility for the privacy policies of any such sites. We are not responsible for content available by means of such sites or services. We do not endorse any products offered by third parties and we urge our users to exercise caution in using third-party sites or services.


12. Children. We do not knowingly collect personal data from children under the age of thirteen (13). In the event that you become aware that an individual under the age of thirteen (13) has registered without parental permission, please advise us immediately.


13. Changes to the Privacy Notice. We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.
