How long does it take to get started with RUNO?

Most firms are fully operational within 3-5 business days. We handle data migration, module configuration, and team training as part of onboarding.

Which African jurisdictions does RUNO support?

RUNO currently covers Nigeria, Ghana, Kenya, South Africa, the United Kingdom, and the United States, with ongoing expansion into Tanzania, Rwanda, and the OHADA region.

Do you offer a free trial?

Yes. We offer a 14-day free trial with full access to all modules. No credit card required.

RUNO™ - Legal Intelligence, Reimagined

Document Format Options

You are viewing the interactive web version of this document. For a traditional legal document format suitable for records, printing, or legal review, use the options below.

Currently viewing: Interactive Format

1. Introduction

This document lists the sub-processors engaged by RUNO Legal Technology Limited ("RUNO") to process personal data on behalf of our customers. This list is maintained pursuant to our obligations under GDPR Article 28 and our Data Processing Agreements with customers.

2. Sub-Processor Change Notification

2.1 Notification Process

Customers are notified 30 days in advance of any new sub-processor engagement
Notifications are sent via email to the designated contact
Customers may object within 14 days of notification
This list is updated upon any changes

2.2 Subscribe to Updates

To receive sub-processor change notifications:

Email: compliance@runo.legal
Subject: "Sub-processor notification subscription"
Include: Company name, contact email, contract reference

3. Current Sub-Processors

3.1 Infrastructure & Hosting

Sub-Processor	Service	Data Processed	Location	Safeguards
Railway Inc.	Cloud hosting platform	All customer data	USA / EU	SCCs, SOC 2 Type II
Amazon Web Services	Cloud infrastructure (backup)	Customer data (if selected)	EU (Ireland, Frankfurt)	Adequacy, SOC 2
Cloudflare Inc.	CDN, DDoS protection, WAF	IP addresses, request metadata	Global	SCCs, ISO 27001

3.2 Database & Storage

Sub-Processor	Service	Data Processed	Location	Safeguards
PostgreSQL (Railway)	Database hosting	All application data	EU	Railway DPA applies
Redis Labs	Caching, session storage	Session data, cache	EU	SCCs, SOC 2

3.3 AI & Machine Learning

Sub-Processor	Service	Data Processed	Location	Safeguards
Anthropic	AI/LLM services (Claude API)	Document content, prompts	USA	SCCs, DPA, no training
OpenAI (optional)	AI services (alternative)	Document content if selected	USA	SCCs, DPA, no training

AI Data Handling Note:

• AI providers do not train their models on customer data
• Data is processed only for the requested operation
• No persistent storage of customer content by AI providers
• Audit logging maintained for all AI interactions

3.4 Email & Communications

Sub-Processor	Service	Data Processed	Location	Safeguards
Twilio SendGrid	Transactional email	Email addresses, content	USA	SCCs, SOC 2 Type II
Twilio	SMS notifications (optional)	Phone numbers, SMS content	USA	SCCs, SOC 2 Type II

3.5 Payment Processing

Sub-Processor	Service	Data Processed	Location	Safeguards
Stripe	Payment processing	Payment card details, billing	USA / EU	SCCs, PCI DSS Level 1

Note: RUNO does not store payment card details. All payment data is processed directly by Stripe.

3.6 Monitoring & Security

Sub-Processor	Service	Data Processed	Location	Safeguards
Sentry (optional)	Error tracking	Error logs, limited context	USA	SCCs, SOC 2
Cloudflare	WAF, DDoS protection	Request metadata, IPs	Global	SCCs, ISO 27001

4. Key Sub-Processor Details

Railway Inc.

Service: Primary cloud hosting platform
Website: railway.app
Certifications: SOC 2 Type II
Data Location: USA and EU regions available

Anthropic

Service: AI language model (Claude API)
Website: anthropic.com
Data Handling: No training on customer data
Certifications: SOC 2 Type II

Twilio SendGrid

Service: Transactional email delivery
Website: sendgrid.com
Certifications: SOC 2 Type II, ISO 27001
Data Location: United States

Stripe

Service: Payment processing
Website: stripe.com
Certifications: PCI DSS Level 1, SOC 2 Type II
Data Location: USA / EU

5. Data Transfer Safeguards

5.1 Transfers to USA

For sub-processors located in the USA:

• Standard Contractual Clauses (SCCs)
• Encryption in transit and at rest
• Pseudonymisation where possible
• Transfer Impact Assessments

5.2 Within EU/EEA

Transfers within the EU/EEA are permitted without additional safeguards under GDPR adequacy provisions.

5.3 UK Transfers

Post-Brexit, UK transfers are governed by:

• UK-EU adequacy decision
• UK addendum to SCCs

7. Objection Process

7.1 Right to Object

Customers may object to new sub-processors within 14 days of notification.

7.2 Objection Procedure

Submit written objection to compliance@runo.legal
Include specific concerns and reasons
RUNO will attempt to address concerns
If unresolved, customer may terminate affected services

7.3 Resolution

RUNO will:

• Discuss concerns with customer
• Explore alternative solutions
• Provide additional safeguards if possible
• Allow termination without penalty if objection cannot be resolved

10. Certification Availability

The following certifications are available upon request (under NDA):

Sub-Processor	Available Certifications
Railway	SOC 2 Type II
Anthropic	SOC 2 Type II
Cloudflare	ISO 27001, SOC 2 Type II
SendGrid	SOC 2 Type II, ISO 27001
Stripe	PCI DSS Level 1, SOC 2 Type II

To request certification copies, contact compliance@runo.legal.

8. Version History

Version	Date	Changes
1.0	January 2026	Initial release

9. Contact Information

Sub-Processor Inquiries

compliance@runo.legal

Data Protection Officer

dpo@runo.legal

Subscribe to Updates

Email compliance@runo.legal with subject "Sub-processor subscription"

This sub-processor list is accurate as of the date indicated. Customers will be notified of changes in accordance with their Data Processing Agreement.

Sub-Processor List