Privacy & Cookie Statement
Last updated: January 22, 2026
At Protone Media, we place a high value on your privacy. This Privacy & Cookie Statement outlines the personal data we collect, the reasons behind it, how we use your information, and the measures we take to safeguard your privacy. Throughout this document, "Protone Media," "we," "us," and "our" all refer to our organization. Rundown is a product of Protone Media B.V., registered in the Netherlands under company number 74459414.
1. Purposes
At Protone Media, we process your personal data for a variety of purposes. In the following sections, we provide a detailed explanation of why we process certain types of personal data, the legal basis for doing so, and how long we retain your information.
1.1 Website Visit
During your visit to our website, we process:
- Your IP address
- Visitor analytics using privacy-first analytics
- Language and country settings
This personal data is only kept as long as you visit the website; if you leave the website, this information is removed. The legal basis for processing this personal data is our legitimate interest in maintaining a website that functions properly and provides an optimal user experience.
1.2 Using Our Service
When you use Rundown, we process certain personal data to provide the service:
- GitHub account information (username, email)
- GitHub repository data (commits, diffs) for report generation
- Account information (login credentials)
- Subscription and billing details
- Generated reports and project configurations
We require this information to provide the Service and maintain our agreement with you. Code diffs and commit data are processed transiently for report generation and are not permanently stored.
1.3 Purchasing a Subscription
When you purchase a subscription, we may process the following:
- Name
- (Business) email address
- Name of your organization
- Invoice & payment details
- Content of correspondence
We will store this information for the duration of our agreement, and certain information may be retained for a longer period if required by law (such as the legal tax retention period of seven years).
1.4 Contact
We offer various ways to contact us, including email. When responding to your inquiries, we will process:
- Name
- (Business) email address
- Name of your organization
- Any additional information you provide in your message
We will utilize this information to efficiently address your request and fulfill our obligations under our agreement with you.
2. GitHub Data Processing
Rundown connects to your GitHub account via OAuth to read your repositories. We want to be transparent about how we handle this data:
2.1 What We Access
- Repository names and metadata
- Commit history (messages, authors, timestamps)
- Code diffs for selected date ranges
2.2 How We Use It
- Code diffs are sent to AI providers to generate reports
- We do not store your source code permanently
- We never modify your repositories or code
- You can revoke access anytime via GitHub settings
2.3 What We Do NOT Access or Store
Rundown does not fetch, copy, duplicate, or store your source code. We only access commit metadata (messages, authors, timestamps) and code diffs for the specific date range you select when generating a report. Your actual codebase and file contents remain private on GitHub. Code diffs are processed transiently for report generation and are not retained after the report is created.
2.4 GitHub OAuth Scope
GitHub requires the "repo" scope to access private repositories. This is the standard scope used by CI/CD tools and code analysis services. We only perform read operations.
3. Third Parties
Protone Media may engage third-party providers to deliver services in compliance with our privacy statement and applicable laws. These providers are authorized to use your personal data solely for specified purposes.
3.1 GitHub (OAuth Provider)
We use GitHub OAuth2 to authenticate users and access repository data. GitHub is operated by Microsoft Corporation (USA). See GitHub's Privacy Statement.
3.2 Paddle (Payment Provider)
We use Paddle as our merchant of record for processing payments. Paddle handles all payment processing and billing. See Paddle's GDPR Commitment.
3.3 AI Providers
We use AI services to generate reports from your code diffs. We use Anthropic (Claude) and OpenAI for AI processing. Your code data is processed according to their respective privacy policies:
Data sent to AI providers via their API services is not used to train their models.
3.4 Laravel Cloud (Hosting)
Our application is hosted on Laravel Cloud in the Frankfurt, Germany region (EU). Laravel Cloud is operated by Laravel Holdings Inc. See Laravel Cloud's Privacy Policy.
4. Transfer of Personal Data
Protone Media and its (sub-)processors may transfer personal data outside the European Economic Area (EEA) insofar as such transfer complies with the applicable privacy legislation, such as the GDPR. The transfer of personal data to companies outside of the EEA depends on which of our services you are using.
5. Cookies
We use functional cookies to optimize your experience on our website. Functional cookies are necessary for logging into our platform.
Necessary / Functional Cookies
These cookies are necessary for a properly functioning website and do not require an opt-in.
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| laravel_session | Rundown | Login status | 2 hours |
| remember_web | Rundown | Login status | 5 years |
| XSRF-TOKEN | Rundown | CSRF protection | 2 hours |
| paddle_* | Paddle | Payment checkout | 1 week |
6. Your Rights
We respect your rights under the GDPR, which may include:
- The right to access
- The right to correct and supplement
- The right to be forgotten
- The right to data portability
- The right to restriction of processing
- The right to object to automated decision-making and profiling
- The right to object to data processing
To exercise your rights or if you have any questions about the way we process your personal data, please use the contact information provided at the end of this privacy statement.
If you are not satisfied with the handling of your request, you have the right to file a complaint with the national authority responsible for supervising compliance with the GDPR. In the Netherlands, this authority is the Autoriteit Persoonsgegevens.
7. Security Measures
Protone Media has implemented various technical and organizational security measures to ensure the safety of your personal data:
- We use TLS (Transport Layer Security) technology to protect the transmission of personal data through all online channels.
- All equipment is password-protected.
- Access to personal data is limited to a need-to-know basis.
- We use a secure and properly certified hosting provider.
- Code data is processed transiently and not permanently stored.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy statement. Specific retention periods are:
- Account data: Retained while your account is active. Upon account closure or cancellation, your data will be deleted within 30 days.
- GitHub repository data: Code diffs and commit data are processed transiently and not stored. Generated reports are retained until you delete them or close your account.
- Billing records: Retained for 7 years as required by Dutch tax law.
9. Contact Details
If you have any questions or concerns about how we process your personal data, you can reach out to us:
- Website: protone.media
- Email: info@protone.media
10. Changes to This Statement
Protone Media may update this Privacy & Cookie Statement from time to time. Any changes made to this statement will be posted on this website. It is recommended that you review this statement periodically to stay informed about how we are protecting your personal data.