Privacy Policy
Effective date: March 12, 2026
1. Introduction
This Privacy Policy describes how WorkerRun (workerrun.com), operated by KOOFFICE Inc. (株式会社KOOFFICE), collects, uses, and protects information when you use our service. WorkerRun is a self-hosted GitHub Actions runner platform that executes jobs on Cloudflare Workers infrastructure.
By using WorkerRun, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you sign in with GitHub OAuth, we receive and store your GitHub user ID, login name (username), avatar URL, and primary email address. This information is used to identify your account and provide the service.
Installation Information
When you install the WorkerRun GitHub App on your account or organization, we store the GitHub App installation ID and the associated account or organization name. This is required to route incoming GitHub Actions jobs to your account.
Usage Data
We record job execution counts using Cloudflare Analytics Engine. This aggregated data is used to enforce monthly plan limits and to improve service performance. We do not store individual job content in Analytics Engine — only counts per account.
Billing Information
If you subscribe to a paid plan, we store your Stripe customer ID and subscription status in our database. Payment card details are handled exclusively by Stripe and are never stored on WorkerRun servers. For Stripe's privacy practices, see stripe.com/privacy.
Technical Data
We use a single session cookie named __session to maintain your authenticated session. This cookie contains an HMAC-SHA256 signed JWT with an 8-hour expiry. We also receive webhook payloads from GitHub containing job details such as workflow name, repository name, and job ID, which are processed transiently to execute your jobs.
3. How We Use Your Information
We use collected information to:
- Authenticate you and maintain your session
- Route and execute GitHub Actions jobs on Cloudflare Workers on your behalf
- Enforce monthly job quotas according to your plan
- Process billing and manage your subscription
- Improve service reliability and performance
- Respond to support requests
- Comply with legal obligations
4. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We share data only with the following infrastructure and service providers:
- Cloudflare — compute (Workers), database (D1), key-value storage (KV), and analytics (Analytics Engine)
- GitHub — OAuth authentication and GitHub Actions job delivery via webhooks
- Stripe — payment processing for paid subscriptions
Each provider is subject to their own privacy policies and data processing agreements. We do not share your data with any other third parties.
5. Data Retention
We retain your account data (GitHub user information, installation data, and subscription status) for as long as your account is active. When you delete your account or uninstall the GitHub App, we delete your personal data from our database.
Usage data in Cloudflare Analytics Engine is stored as aggregated counts only. Webhook payloads from GitHub are processed in memory and are not persisted to long-term storage.
6. Security
We implement the following measures to protect your information:
- Each GitHub Actions job runs in a dedicated V8 isolate on Cloudflare Workers, providing strong isolation between workloads
- Session cookies are signed with HMAC-SHA256 and have a limited 8-hour lifetime
- All data in transit is encrypted via HTTPS/TLS enforced by Cloudflare
- Database access is restricted to the WorkerRun Worker through Cloudflare D1 bindings
- Secrets and tokens used in job execution are never persisted after the job completes
No method of transmission or storage is 100% secure. We strive to use commercially acceptable means to protect your data, but cannot guarantee absolute security.
7. Your Rights
In accordance with Japan's Act on the Protection of Personal Information (個人情報保護法) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data
- Deletion — request deletion of your personal data
- Restriction — request restriction of processing of your personal data
- Portability — request transfer of your data in a machine-readable format
- Objection — object to processing based on legitimate interests
To exercise these rights, contact us at privacy@workerrun.com. We will respond within 30 days.
8. Cookies
WorkerRun uses a single cookie: __session. This is a strictly necessary cookie used solely for authentication purposes. It is an HTTP-only, secure, SameSite cookie containing a signed JWT that identifies your authenticated session. It expires after 8 hours.
We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.
9. Children's Privacy
WorkerRun is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at privacy@workerrun.com and we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@workerrun.com
- Company: KOOFFICE Inc. (株式会社KOOFFICE)
- Website: kooffice.jp
12. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of Japan. Any dispute arising from or in connection with this policy shall be subject to the exclusive jurisdiction of the Chiba District Court (千葉地方裁判所) as the court of first instance.