Last updated: February 2026
droidrun GmbH, located at Rheinstraße 82, 49090 Osnabrück, prioritises personal data protection. The company complies with EU Regulation 2016/679 (GDPR), the German Federal Data Protection Act (BDSG), and this privacy policy.
This policy informs data subjects about personal data processing when using the websites droidrun.ai and mobilerun.ai, or when contacting the company.
droidrun acts as a GDPR controller for personal data processed through its websites or direct contact.
Contact Details:
droidrun GmbH
Rheinstraße 82
49090 Osnabrück
Email: dataprotection@droidrun.com
Automatic data collection occurs during website visits, including:
Legal basis: Art. 6 para. 1 sent. 1 lit. f GDPR based on legitimate interests in providing functional, secure websites.
Storage duration: Deleted after 7 days maximum, except where legal retention obligations apply.
Contact data collected includes name, email address, and request-specific information.
Legal basis: Processing occurs under Art. 6 para. 1 sent. 1 lit. b GDPR for contractual performance or pre-contractual steps, or Art. 6 para. 1 sent. 1 lit. f GDPR for legitimate customer inquiry interests.
Storage duration: Deleted when purpose no longer applies, subject to legal retention requirements.
Newsletter processing requires email address, registration timestamp, IP address, and browser type.
Tracking: Newsletters contain tracking technologies measuring open rates, link clicks, and device information for campaign analysis.
Legal basis: Processing requires explicit consent under Art. 6 para. 1 sent. 1 lit. a GDPR via double opt-in during subscription.
Unsubscription: Recipients may revoke consent at any time using unsubscribe links in emails.
Storage duration: Email addresses retained while subscription remains active.
Organisations providing mobilerun accounts act as sole data controllers for processing activities. droidrun functions only as a data processor.
Users should direct privacy inquiries to their organisation.
Anonymised data supports service development and AI model training.
Data categories:
Legal basis: Art. 6 para. 1 sent. 1 lit. f GDPR based on legitimate interests in improving systems.
GDPR applicability: GDPR does not apply to anonymised data, as it no longer constitutes personal data.
Storage duration: Indefinite storage permitted for anonymised data.
Refer to the Cookie Policy for cookie processing details.
droidrun maintains company pages on LinkedIn, X (formerly Twitter), Instagram, TikTok, GitHub, and Discord for communication and service information.
The respective platform controls personal data processing on company pages. No data transfers occur before users activate hyperlinks.
Information shared includes usernames, email addresses, contact details, communication content, job titles, companies, education, photos, and voluntarily provided data.
Legal basis: Processing under Art. 6 para. 1 sent. 1 lit. b GDPR for contractual or pre-contractual purposes, or Art. 6 para. 1 sent. 1 lit. f GDPR for customer inquiry interests.
Storage duration: Deleted when purpose expires, subject to legal retention obligations.
droidrun may transfer personal data to:
Current Data Processors:
| Processor | Purpose |
|---|---|
| PostHog, Inc. | Product analytics and user tracking |
| Plus Five Five, Inc (Resend) | Newsletter distribution |
| Cloudflare, Inc. | DNS management, domain protection, hosting |
| Autumn Labs | Subscription and billing management |
| Stripe, Inc. | Payment processing and invoicing |
Data is typically processed within Germany and the European Economic Area.
Transfers outside the EEA occur using EU standard contractual clauses under Art. 46 para. 2 lit. c GDPR or adequacy decisions. Documentation available upon request.
Consent may be revoked at any time under Article 7(3) GDPR with future effect only.
Data subjects may request confirmation of processing and receive access to personal data and related information per Article 15 GDPR, subject to § 34 BDSG restrictions.
Inaccurate or incomplete personal data may be corrected per Article 16 GDPR.
Personal data deletion may be requested under Article 17 GDPR conditions, subject to § 35 BDSG restrictions.
Processing restrictions may be requested per Article 18 GDPR.
Structured, machine-readable personal data copies may be requested under Article 20 GDPR when processing is based on consent or contract with automated means.
Objections to personal data processing may be filed per Article 21 GDPR.
Data subjects may file complaints with supervisory authorities per Article 77 GDPR. The responsible authority for droidrun is the State Commissioner for Data Protection, Lower Saxony. A complete list of German supervisory authorities is available at bfdi.bund.de.
Certain personal data provision is required for website functionality and contact purposes. Non-provision may prevent access to functions or limit the company’s ability to respond to inquiries.
Personal data processing does not involve automated individual decisions within Art. 22 para. 1 GDPR scope.
This privacy policy undergoes regular review with updates possible at any time. The last update date appears at the top. Current versions are accessible at /privacy.