Security, privacy, and compliance—built into Runn

Your data is protected with industry-leading encryption, authentication, and compliance standards.

Effective date: 15 April 2025

Protect your data and ensure privacy & compliance

Runn is SOC 2 Type II certified and supports compliance with global privacy regulations, including GDPR, CCPA/CPRA, and other regional privacy legislations worldwide.

Your data is securely hosted on Salesforce Heroku in the US or EU, with strong encryption and regular security updates.

We secure our development processes end to end and undergo annual independent audits.

Compliance is continuously monitored with Vanta. Audit reports and penetration test results are available on request.

Want more details? Visit our Trust Center or view our Privacy Policy.

How Runn keeps your data secure

Every Runn subscription includes robust security measures to protect your data and ensure compliance with industry standards.

Data encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) to prevent unauthorized access.

Single Sign-On (SSO) & Multi-Factor Authentication (MFA)

Secure authentication via SAML or Google, with added protection through MFA.

Role-based access control (RBAC)

Set granular user permissions to control who can access and manage data.

Employee and vendor security

Strict access controls, training, and background checks for employees, with a robust vetting process for all vendors.

Regular security audits & penetration testing

Ongoing assessments to identify and mitigate vulnerabilities.

Multi-region hosting

Choose secure hosting with Salesforce Heroku in US or EU data center.

Backups and resilience

Continuous data backups with robust recovery measures and a tested incident response process.

Ongoing security monitoring

Real-time monitoring, automated threat detection, and firewalls to block unauthorized access.

Secure development

Code reviews, automated testing, dependency scanning, separate development/production environments, and supply chain security controls.
FAQ's

Have questions? We have answers

Does Runn undergo independent penetration testing?

Yes, Runn undergoes independent penetration testing at least once per year. Reports are available upon request.

Where is my data stored?

Your data is securely stored in Salesforce Heroku Europe-based or US-based data centers.

Do you store payment information?

Runn does not store credit card details, these are securely stored and processed by our payment provider Chargebee.

What security certifications does Runn have?

We are SOC 2 Type II certified and follow top security standards, including GDPR compliance.

How does Runn protect against unauthorized access?

We use Single Sign-On (SSO), Two-Factor Authentication (2FA), encrypted passwords, and strict internal access controls to secure your data.

What happens if I need to delete my data?

Customers can delete their Runn account and request complete data removal in accordance with privacy regulations.

What is your backup and data retention policy?

We keep point-in-time backups of your data for seven days and delete all data within 21 days after contract termination.

How can I report a security issue?

To report a security issue, please email us at security@runn.io — we’ll get back to you within 24 hours.

Where can I find more information (e.g. information security policies)?

If you have any questions about how we keep your data safe, visit our Trust Center, contact us at help@runn.io — or simply message us through our in-app chat.