Privacy policy.

What we collect

We collect the minimum information needed to run labrun: your email address and password hash (Supabase Auth), your subscription status (Stripe), your lab progress events (Supabase), and basic product analytics events (PostHog).

What we do not collect

We do not collect your AWS credentials. Labs run with a temporary session token that scopes the companion panel to your lab's checkpoints; the token never leaves your notebook session. We do not sell your data.

Third parties

We use Supabase for auth and database, Stripe for payments, Resend for email, Vercel for hosting, Cloudflare for DNS and edge caching, PostHog for product analytics, and Sentry for error monitoring. Each handles a narrow slice of the product and is bound by its own terms.

Cookies

We use first-party cookies for authentication and product analytics. We do not use third-party advertising cookies. You can clear cookies at any time; you will be logged out and analytics will reset.

Your rights

You can request a copy of your data, ask for it to be deleted, or close your account at any time. Email taqi@labrun.dev from the address on file and we will respond within seven days.

Children

labrun is intended for users who are old enough to manage their own cloud account and credit card. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, email us and we will remove the account.

Contact

Questions about privacy? Email taqi@labrun.dev.