Privacy

Last updated April 2026.

Who operates Runtab

Runtab is operated by Enterprise Web Service LLC, a Minnesota limited liability company. Enterprise Web Service LLC is the data controller for any personal information Runtab collects. The company is small; there are no employees, contractors, or third parties with access to customer data besides the service providers listed below.

What data Runtab collects

• Transaction data from credit card accounts I explicitly link via Plaid: merchant name, transaction date, amount, currency, pending/posted status, and the transaction's account identifier.
• Account metadata: account name, mask (last 4 digits), account type, and institution name.
• Plaid access tokens required to fetch further updates from linked institutions.

Runtab does not collect login credentials. The user authenticates with their bank through Plaid's OAuth flow; bank credentials never pass through Runtab.

Where data is stored

A SQLite database on a 1 GiB encrypted Ceph-backed persistent volume in a self-hosted OpenShift cluster. The cluster sits behind a firewall on a private network and is reachable publicly only through HTTPS-terminated routes with valid TLS certificates issued by Let's Encrypt. The application endpoints require an API key for reads.

Who data is shared with

• Plaid, Inc. — the bank aggregator used to connect to the linked institutions. Plaid receives the bank credentials during the OAuth flow and returns transaction data to Runtab. See Plaid's privacy policy.
• No one else. Runtab does not sell, share, or transmit personal financial data to advertisers, analytics providers, or any other third party.

How long data is kept

Indefinitely, until I delete it. There is no automated retention or deletion policy. Since I am both the operator and the sole user, retention decisions are entirely my own.

Cookies and tracking

This website uses no cookies, no analytics, no tracking pixels, and no third-party scripts other than the Plaid Link JavaScript SDK loaded on the card-linking page. Browser sessionStorage is used only to hold the Plaid link token across an OAuth redirect; it is cleared after a successful link.

Your rights

You can request access to, correction of, export of, or deletion of any personal data we hold about you. To exercise any of these rights, email admin@enterprisewebservice.com from the address associated with your account. We respond within 30 days.

Changes

Substantive changes to this policy are dated at the top. Plaid and any institutions Runtab connects to are notified of website changes via their standard review processes.