8 Total
2 High severity
6 Medium severity
0 Low severity
Summary

This is Runway AI's privacy policy, explaining what personal data the AI video and content creation company collects from you — including facial scans and voice recordings when you use certain AI generation features. The single most important thing to know is that Runway collects biometric data (your face and voice) when you use certain features, and shares your personal data with advertising partners in ways that may legally count as 'selling' your information even though Runway says it doesn't sell data in the traditional sense. You can opt out of this advertising data sharing by clicking the 'Your Privacy Choices' link in the website footer, and you can request deletion of your data by emailing privacy@runwayml.com.

Technical Summary

This Privacy Policy, effective September 4, 2025, governs Runway AI, Inc.'s collection, use, and disclosure of personal data across its website, AI content creation services, mobile application, and marketing activities, relying on contractual necessity, legitimate interests, legal compliance, and consent as legal bases. The document creates significant obligations including biometric data collection (voice data and facial scans) for AI-generated video and audio features, disclosure of personal data to advertising and analytics partners in ways that may constitute a 'sale' under CCPA and analogous state laws, and grants enterprise account administrators access to and control over user accounts. Notably, the policy covers the collection of biometric identifiers — a category subject to heightened legal protection under BIPA (Illinois), CIPA (Texas), and Washington state law — with limited disclosure about retention periods or third-party sharing beyond service delivery, and acknowledges that sharing with advertising partners may qualify as a 'sale' despite disclaiming traditional selling. The policy engages GDPR (EU/UK), CCPA, and over a dozen US state privacy laws (Colorado CPA, Connecticut CTDPA, Virginia VCDPA, Texas TDPSA, Oregon OCPA, and others), with BIPA compliance representing a material and high-severity exposure given Runway's explicit collection of facial scans and voice data. Compliance teams should note the absence of explicit biometric data retention schedules, the broad legitimate interests basis claimed for analytics and profiling, and the enterprise administrator access provision, which may implicate employer-employee data access obligations in multiple jurisdictions.

Evidence Provenance
Captured April 29, 2026 08:11 UTC
Document ID CA-D-000446
Version ID CA-V-001024
SHA-256 54e8d80d8481e157a499d21b4f50d042112467834f5d2b7c8222f62e97c171db
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed
