Legal
Privacy Policy
Last updated: April 2026
1. Introduction
JustRun ("we", "us", "our") is operated by BuiltByGo Ltd. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cron job scheduling service at justrun.sh (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect your email address, name (if provided), and authentication credentials. If you sign in via GitHub OAuth, we receive your GitHub username and email address.
Job Configuration Data
We store the cron job configurations you create, including target URLs, HTTP methods, headers, request bodies, cron expressions, and retry settings. Custom HTTP headers and authentication tokens are encrypted at rest using AES-256.
Execution Logs
When your jobs run, we record execution metadata including HTTP status codes, response times, response body previews (first 1KB), error messages, and timestamps. These logs are retained according to your plan's retention period.
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, operating system, and IP address. This data is used to improve the Service and diagnose technical issues.
3. How We Use Your Information
- ●To provide, operate, and maintain the cron job scheduling Service
- ●To execute your scheduled HTTP jobs and deliver execution results
- ●To send alert notifications via your configured channels (email, Slack, Discord, webhooks)
- ●To provide AI-powered diagnostics when your jobs fail
- ●To process payments and manage your subscription
- ●To send service-related communications (downtime notices, security alerts, billing updates)
- ●To detect and prevent abuse, fraud, and security threats
4. Cookies
We use essential cookies to maintain your authentication session and remember your preferences (such as theme selection). We do not use third-party advertising or tracking cookies. Our analytics are privacy-focused and do not track individual users across websites.
5. Third-Party Services
We use the following third-party services to operate JustRun:
Supabase
Authentication and database hosting. Your account data and job configurations are stored in Supabase-managed PostgreSQL databases with Row Level Security. Data is processed in the EU.
Stripe
Payment processing. We do not store your credit card details — all payment information is handled directly by Stripe in compliance with PCI DSS Level 1. We only store your Stripe customer ID and subscription status.
Railway
Application hosting and infrastructure. Our API server and job execution engine run on Railway's managed platform. Execution logs and temporary data may be processed on Railway's infrastructure.
6. Data Retention
Job execution logs are retained according to your subscription plan: 1 day (Free), 7 days (Hobby), 30 days (Maker), 90 days (Pro), or 1 year (Scale). After the retention period, execution logs are permanently deleted. Your account information and job configurations are retained for as long as your account is active. If you delete your account, all associated data is permanently removed within 30 days.
7. Data Security
We implement appropriate technical and organisational measures to protect your data. Sensitive fields (HTTP headers, authentication tokens, webhook secrets) are encrypted at rest using AES-256. All data in transit is protected with TLS 1.3. API keys are SHA-256 hashed before storage. We enforce SSRF protection on all outbound requests to prevent exploitation of your job configurations.
8. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- ●Access — Request a copy of the personal data we hold about you
- ●Rectification — Request correction of inaccurate or incomplete data
- ●Erasure — Request deletion of your personal data ("right to be forgotten")
- ●Portability — Request your data in a structured, machine-readable format (JSON export)
- ●Restriction — Request that we limit how we process your data
- ●Objection — Object to our processing of your data for specific purposes
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
9. Children's Privacy
JustRun is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to the address associated with your account.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: