Privacy Policy — Rún

Effective date: 2026-02-03 · Last updated: 2026-02-03

This Privacy Policy explains how the Rún application (“Rún”, the “App”) handles information. The App is provided by Vikstrom Group AB (“we”, “us”). Contact: run@vgab.eu.

Summary (the short version)

• No account. Rún has no sign-up, login, username, email, or phone number.
• We do not collect personal data. No analytics, no advertising, no tracking, no third-party trackers, no profiles.
• Your messages are end-to-end encrypted. Only you and the person you are messaging can read them. We cannot.
• Connections run over the Tor network, so our relay never learns your IP address.
• Our relay keeps no logs. No IP addresses, no access history — it holds only undelivered, unreadable ciphertext until it reaches the recipient.
• Messages are ephemeral and stored only on your device, encrypted.
• We do not sell, rent, or share your data with anyone — there is nothing to sell.
• Removing the App from your device erases everything Rún stored there.

1. Information we do not collect

We do not ask for, collect, or store:

• Your name, email address, phone number, or any account identifier.
• Your address book or contacts.
• Your location.
• Device identifiers used for advertising or tracking.
• Usage analytics or behavioural data. Rún contains no advertising SDKs, no analytics SDKs, and no third-party trackers.

2. Information stored only on your device (never sent to us)

The following is created and kept locally on your device, inside an encrypted vault, and is never transmitted to us:

• Your contacts (the cryptographic keys and aliases you create when pairing with someone in person). Contact data is generated on-device; we never upload or receive your contact list.
• Your messages. Read and sent messages are erased automatically when you close the App; unread incoming messages persist only until you read them. Messages exist in plaintext only in memory while you are viewing a conversation.
• A PIN-protected vault. We do not store your PIN. Your PIN is used on-device to derive the key that encrypts your vault; only a locally stored verifier (not the PIN itself) is kept so the App can recognise a correct PIN.
• Encryption keys, held in the device's secure storage (Apple Keychain on iOS / Android Keystore), never leaving the device.

You control this data entirely. It is destroyed when you wipe the vault, when the App's automatic safeguards trigger (repeated incorrect PIN entry or long inactivity), or when you uninstall the App.

3. Information our relay handles

To deliver messages between two people who are not online at the same time, Rún sends and retrieves messages through a relay server we operate. The relay is deliberately “dumb”: it stores sealed, fixed-size (padded) ciphertext addressed to randomly generated, opaque inbox identifiers.

The relay keeps no logs. It does not record access logs, request logs, IP addresses (it cannot see them — connections arrive over Tor), inbox-access history, or timing/metadata about who fetched or posted what. It maintains no user accounts and no profiles.

What the relay cannot see or do:

• It cannot read your messages — it only ever holds end-to-end-encrypted ciphertext.
• It cannot identify you — there are no accounts, and Tor hides your IP address.
• It cannot tell how long your messages are — payloads are padded to fixed-size buckets.

The only data the relay holds at any moment is the set of currently-undelivered encrypted blobs and their opaque inbox identifiers. To route a message it transiently processes that identifier and ciphertext in memory, but it persists none of it beyond storing the pending blob until delivery.

Retention: a message blob is removed from the relay once it has been delivered to its recipient; inboxes that are never used expire automatically after a long period of inactivity. Because the relay keeps no logs, nothing about your activity persists on our servers beyond pending, unreadable ciphertext.

4. The Tor network

Rún routes its connection to the relay through the Tor network so that the relay (and any network observer) cannot learn your IP address. Tor is operated by the Tor Project and independent volunteers; it is a third-party network and its use is subject to the Tor Project's terms and privacy practices. Rún uses Tor solely for its own connection to our relay — it is not a general-purpose proxy or VPN and does not route any other app's traffic.

5. Permissions

• Camera: requested only when you choose to add a contact by scanning their QR code. Camera frames are processed on-device to read the code and are never stored or transmitted. Rún does not access your photo library.
• Network access: used only to connect to the relay over Tor as described above.

6. Donations

Rún may display a cryptocurrency (Monero) address for voluntary donations to the project. This is informational only. The App does not process payments, does not receive or store any wallet or payment information, and a donation (if you choose to make one) is a transaction you initiate yourself, outside the App, on a public blockchain governed by its own rules — not by us.

7. Platform-level diagnostics

Rún does not include crash-reporting or diagnostics SDKs. If you have separately opted in, at the operating-system level, to share diagnostics with developers, Apple or Google may provide us aggregated, anonymised crash information. This is governed by Apple's or Google's privacy policies, is outside Rún's control, and never includes message content.

8. Data sharing

We do not sell, rent, trade, or share your information with third parties for any purpose. We have no personal data to share. We may disclose information only if required by valid legal process — but because we keep no logs, hold no accounts, receive no IP addresses, and store only unreadable ciphertext addressed to opaque identifiers, there is effectively nothing identifying for us to disclose.

9. Security

Rún is built around strong, standard cryptography: end-to-end encryption of messages (AES-256-GCM with keys exchanged in person), on-device vault encryption, keys held in the platform secure enclave/keystore, message padding to resist size analysis, and connectivity over Tor. No system is perfectly secure, and you are responsible for safeguarding your device and PIN.

10. Data retention and deletion

• On your device: read and sent messages are erased when you close the App. You can wipe the entire vault at any time, and uninstalling the App removes all of its data from your device.
• On the relay: delivered messages are removed; unused inboxes expire after long inactivity; and no logs are kept, so nothing about your activity remains. To clear pending data sooner, open the App so it retrieves your messages.

11. Children

Rún is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect information from children. As the App collects no personal data, it does not gather information from any user.

12. Your rights (GDPR / CCPA and similar laws)

Privacy laws such as the GDPR and CCPA give you rights to access, correct, or delete personal data a service holds about you, and not to have it sold. Because we operate no accounts and do not collect or hold personal data about you, there is generally nothing for us to access, correct, delete, or sell on our side. You already hold and control all of your data on your own device and can erase it instantly. We do not sell personal information.

13. International use

Rún is available internationally. Strong encryption may be regulated in some jurisdictions; you are responsible for ensuring your use of the App is lawful where you are.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, where appropriate, note changes within the App or on https://vgab.eu/privacy.html.

15. Contact

Questions about this Privacy Policy or Rún's privacy practices: run@vgab.eu