Your data.
Your institution's data.

What data we process

BookRunner processes data on behalf of its institutional clients (the banks and ECM/DCM teams using the platform). This includes investor contact information provided by the institution, conversation content generated during bookbuilding, and operational metadata (timestamps, message delivery status, banker actions).

BookRunner does not collect data directly from investors for its own purposes. All investor data is owned by the institution that provided it and processed solely to operate the platform on that institution's behalf.

How data is used

Data is used exclusively to operate the BookRunner platform for the institution that provided it — to conduct investor conversations, track thread progress, generate banker notifications, and maintain the audit log required for compliance purposes.

BookRunner does not use institutional or investor data to train AI models, to build cross-institutional datasets, or for any purpose beyond operating the platform for the specific institution whose data it is.

No data is sold, licensed, or shared with third parties for commercial purposes under any circumstances.

Data residency

BookRunner supports in-region data residency for institutional clients. Data is processed and stored within the configured region unless the institution explicitly consents to cross-region processing. Region configuration is established at onboarding and documented in the data processing agreement.

Retention & deletion

Institutions may request deletion of their data at any time. Upon termination of a BookRunner engagement, institution data is deleted within 30 days unless a longer retention period is required by applicable law or agreed in the data processing agreement.

Audit logs required for regulatory compliance may be retained for the period required by the applicable regulator (ISA, MAS, MiFID II, SEC) and are not subject to early deletion requests where retention is legally mandated.

Investor rights

Investors who receive communications via the BookRunner platform and wish to exercise data rights (access, correction, deletion, or objection to processing) should contact the institution that sent the communication — the bank or ECM/DCM desk that engaged BookRunner. The institution is the data controller for investor data.

BookRunner will cooperate fully with institutions responding to investor data rights requests.

Data deletion requests

To request cancellation of your data and deletion of any personal information BookRunner holds about you, contact us at legal@bookrunner.app. We will action all deletion requests within 30 days. You may also request confirmation that your data has been deleted.

If you are an investor who received a communication via the BookRunner platform, direct your deletion request to the institution (bank) that sent the communication — they are the data controller for your data. BookRunner will cooperate fully with any such request.

Full documentation

BookRunner is currently in a private pilot. A full Data Processing Agreement, Privacy Impact Assessment, and jurisdiction-specific compliance documentation is available to prospective partners under NDA.