Back to Home

Privacy Policy

Last updated: February 26, 2026

1. Introduction

Wellrun ("we," "our," or "us") provides a platform for tracking retainer performance, utilization, and profitability. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Wellrun, you agree to the terms outlined in this policy.

2. Information We Collect

Account Information

Name, email address, company name, and login credentials when you create an account.

Financial & Business Data

Retainer details (rates, hours, billing structures), revenue data, internal cost data (employee costs, hourly rates), and client names (which may be anonymized).

Integration Data

If you connect third-party tools, we may access:

  • Harvest: Time entries, projects, clients, and user data associated with time tracking.
  • Stripe: Subscription status and billing metadata. We do not store full payment details on our servers.

Usage Data

Log data, IP address, browser type, device and session information, pages visited, and feature usage collected automatically.

Cookies

We use session cookies for authentication and preferences. We may also use analytics tools to understand how users interact with the Service. You can manage or disable cookies through your browser settings, though some features may not function properly if you do so. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Calculate profitability metrics, utilization rates, effective hourly rates, and financial insights for your organization
  • Generate alerts and insights (e.g., client risk, pricing issues)
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Send important service-related communications and support responses
  • Send product updates, newsletters, or promotional content (you may opt out at any time via the unsubscribe link in any such email)
  • Detect, prevent, and address technical issues or security threats

4. Data Ownership

You retain full ownership of your data. We do not sell, rent, trade, or monetize your personal or business information to third parties for any purpose.

5. Data Isolation & Security

Wellrun uses a multi-tenant architecture with strict data isolation. All data is scoped to your organization — no other organization can access your information. We employ industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), encrypted integration credentials (AES-256-GCM), and session-based authentication with secure cookie policies. No system is completely secure, but we take reasonable administrative, technical, and physical safeguards to protect your data.

6. Third-Party Services

We may share information only with:

  • Payment Processing: Stripe processes payment information under their own privacy policy.
  • Integrations: When you connect services like Harvest, data flows between Wellrun and that service as you configure.
  • Infrastructure: Cloud hosting providers who process data on our behalf under strict data processing agreements.
  • Legal obligations: Where required to comply with applicable law or protect platform security.

We do not sell, rent, trade, or share your personal data with third parties for marketing purposes.

7. Business Transfers

If Wellrun is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred to the successor entity as part of that transaction. We will notify you before your personal data becomes subject to a materially different privacy policy.

8. International Data Transfers

Wellrun is operated in the United States. If you are accessing the Service from outside the United States — including from the European Economic Area (EEA) or United Kingdom — please be aware that your information may be transferred to, stored, and processed in the United States. We take steps to ensure your data is handled in accordance with this Privacy Policy and applicable law. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for transfers of personal data.

9. Children

Wellrun is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us at hello@wellrun.agency and we will promptly delete it.

10. Data Retention

We retain your data while your account is active and for a reasonable period after cancellation for backup and compliance purposes. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law. Aggregated, anonymized data may be retained indefinitely for analytics purposes.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Port your data in a structured, machine-readable format
  • Object to processing of your data in certain circumstances
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hello@wellrun.agency.

12. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data we collect and how it is used, the right to request deletion, and the right to opt out of the sale of your personal data. We do not sell personal data. To exercise your California rights, please contact us at hello@wellrun.agency.

13. Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal data to third parties. We do not currently sell personal data as defined under Nevada law. If you have questions, please contact us at hello@wellrun.agency.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

hello@wellrun.agency
Wellrun LLC
wellrun.agency