Run The List

Privacy Policy

Last updated: June 19, 2026

This policy is written for Run The List's HIPAA-conscious clinical workflow. It should be reviewed by qualified legal counsel and aligned with each customer organization's internal policies and agreements.

1. Information We Collect

Run The List may collect account information, organization information, contact details, authentication identifiers, device and browser information, usage logs, support communications, billing information, and information submitted through the platform.

2. Customer Content and PHI

When production PHI access is enabled, information entered into the platform may include protected health information. PHI is handled according to applicable agreements between Run The List and the customer organization, including a Business Associate Agreement when required.

Trial or demo workspaces should use fictional, synthetic, or de-identified data until production PHI access is approved and the applicable agreement process is complete.

3. How Information Is Used

Information may be used to provide, secure, monitor, support, troubleshoot, improve, and administer the platform; manage accounts and subscriptions; respond to support requests; maintain audit, security, and compliance records; and communicate with customer organizations and authorized users.

4. Access and Disclosure

Run The List does not sell customer data. Information may be disclosed to service providers that help operate the platform, to comply with legal obligations, to protect the platform and users, or as authorized by the customer organization and applicable agreements.

5. Payment Processing

Run The List uses Stripe as a third-party payment processor. Stripe may collect and process billing contact details, payment method information, transaction details, invoices, subscription status, tax information, device information, and related information needed to process payments, prevent fraud, provide receipts, and manage billing. Run The List does not store full credit card numbers.

Do not provide protected health information or patient information in Stripe payment forms, billing portal fields, invoice notes, or payment-related communications.

6. Security Measures

Run The List uses administrative, technical, and organizational safeguards designed to protect information, including role-based access, tenant-scoped workflows, secure authentication, and audit-aware activity records. No system can guarantee absolute security, and users must follow organization policies for access, device security, and appropriate handling of sensitive information.

7. Data Retention

Information may be retained for as long as needed to provide the service, comply with legal and contractual obligations, resolve disputes, enforce agreements, maintain audit records, and support security operations.

8. Customer Responsibilities

Customer organizations are responsible for determining authorized users, managing user access, configuring workflows appropriately, training users, and ensuring that use of the platform is consistent with applicable policies, agreements, and laws.

9. No PHI in Non-Approved Channels

Do not send PHI or patient-identifying information to Run The List through support emails, text messages, screenshots, sales forms, demo requests, payment forms, billing portal fields, invoice notes, or any other non-approved channel.

10. Contact

Questions about this Privacy Policy may be sent to admin@runthelist.io. Support requests should not include protected health information or patient-identifying information unless Run The List has expressly approved a secure support channel for that purpose.