Privacy

Last updated April 2026.

Who operates Runtab

Runtab is a personal project operated by Dean Peterson. It has one user: me. There are no employees, contractors, or third parties with access to its data besides the service providers listed below.

What data Runtab collects

• Transaction data from credit card accounts I explicitly link via Plaid: merchant name, transaction date, amount, currency, pending/posted status, and the transaction's account identifier.
• Account metadata: account name, mask (last 4 digits), account type, and institution name.
• Plaid access tokens required to fetch further updates from linked institutions.

Runtab does not collect login credentials. The user authenticates with their bank through Plaid's OAuth flow; bank credentials never pass through Runtab.

Where data is stored

A SQLite database on a 1 GiB encrypted Ceph-backed persistent volume in a self-hosted OpenShift cluster. The cluster sits behind a firewall on a private network and is reachable publicly only through HTTPS-terminated routes with valid TLS certificates issued by Let's Encrypt. The application endpoints require an API key for reads.

Who data is shared with

• Plaid, Inc. — the bank aggregator used to connect to the linked institutions. Plaid receives the bank credentials during the OAuth flow and returns transaction data to Runtab. See Plaid's privacy policy.
• No one else. Runtab does not sell, share, or transmit personal financial data to advertisers, analytics providers, or any other third party.

How long data is kept

Indefinitely, until I delete it. There is no automated retention or deletion policy. Since I am both the operator and the sole user, retention decisions are entirely my own.

Cookies and tracking

This website uses no cookies, no analytics, no tracking pixels, and no third-party scripts other than the Plaid Link JavaScript SDK loaded on the card-linking page. Browser sessionStorage is used only to hold the Plaid link token across an OAuth redirect; it is cleared after a successful link.

Your rights

As the operator and sole user, I can access, correct, export, or delete any data at any time. If for any reason you have interacted with this service and want data removed, email peterson.dean@gmail.com.

Changes

Substantive changes to this policy are dated at the top. Plaid and any institutions Runtab connects to are notified of website changes via their standard review processes.