Runway updated its Privacy Policy effective May 11, 2026 to expand the definition of user content to include prompts, audio, screen sharing, and content from third-party applications connected to the service, as well as transcripts and recordings. The policy also added Japan, Indiana, Kentucky, and Rhode Island to the list of jurisdictions whose residents have specified privacy rights. Minor formatting corrections were made to contact procedures.
The updated policy broadens the categories of information considered 'user content' to explicitly include prompts you input, audio files, screen sharing activity, and transcripts or recordings generated through the service. This clarifies that content from third-party applications you connect with Runway, along with associated metadata, falls under the policy's user content definition. Additionally, the policy now recognizes that residents of Japan, Indiana, Kentucky, and Rhode Island have jurisdiction-specific privacy rights similar to those already listed for other states and regions, such as the right to know what personal information has been collected, to request deletion or correction, and to object to certain processing.
The clarified content definition ensures users understand that Runway's policy covers a comprehensive range of inputs and outputs including prompts and generated transcripts, which may be material for users concerned about how their interactions with the service are documented. The expansion to recognize privacy rights for Japan and three additional US states operationally requires Runway to honor data access, deletion, and correction requests from residents of those regions under the same procedures already established for other jurisdictions.
→ If you are a resident of Japan, Indiana, Kentucky, or Rhode Island, you can now submit privacy rights requests (access, deletion, correction, opt-out) to privacy@runwayml.com using the same procedures described for other states and regions.
→ Users in the newly added jurisdictions will have their privacy requests processed according to the updated policy's procedures if submitted; no action is required to activate these rights, as they apply by law.
Expanded to explicitly include prompts, audio, screen sharing, transcripts, recordings, and data from connected third-party applications.
Added Japan, Indiana, Kentucky, and Rhode Island to the list of jurisdictions whose residents have recognized privacy rights under the policy.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Organizations serving users in these four additional jurisdictions must now acknowledge and facilitate the same privacy rights (access, deletion, correction, opt-out) that apply to residents of other listed jurisdictions.
This change primarily adds jurisdictional scope to existing privacy rights recognition and clarifies the definition of user content to encompass a wider range of inputs and outputs. Organizations subject to this policy should note that the expanded content definition may affect data handling procedures, retention policies, and deletion workflows. The addition of Japan, Indiana, Kentucky, and Rhode Island to the recognized jurisdictions expands the population for whom specific consumer rights access procedures apply. Compliance teams should verify that existing data access, deletion, and correction processes accommodate the broader content categories and the additional jurisdictions.
GDPR (EU user content and processing); CCPA and state-specific privacy laws (California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia); Japan's Act on the Protection of Personal Information (APPI)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002019.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorRunway updated its Terms of Use on June 26, 2026 with two primary changes: the addition of promotional messaging for …
Runway's privacy policy document was updated on June 26, 2026 with minor cosmetic and promotional changes. A promotional banner for …
Runway updated its Terms of Service footer on June 25, 2026 by adding a 'Cookie Settings' link between 'California Notices' …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.