Security

Effective date: 2 August 2022

Runn takes your data security and privacy seriously

We take the protection of your personal information and data very seriously and make every effort to keep your data safe from loss, unauthorized activity, or other misuse. We use the latest software, strive to apply critical security updates within 24 hours, work with industry best practices and provide security training to our technical staff.

Runn’s security management system has been independently certified as SOC2 Type II compliant.

We continuously monitor compliance with our security policies and SOC2 security requirements using Vanta and provide public access to our real-time Monitoring and Trust Report to attest to our security posture. We can also provide a copy of our independent pentest results and SOC2 Audit Report for enterprise customers.


How Runn keeps your data secure

  1. All data is transmitted to our systems via HTTPS encryption.
  2. Two-factor authentication via Google login.
  3. Runn maintains a secure cloud-based infrastructure hosted with Heroku. Our application and data is stored at their secure data centers in the Europe.
  4. Heroku regularly undertakes third party penetration testing and vulnerability assessments. Read their full compliance regulations and certificates here.
  5. All passwords are hashed using industry best practice (bcrypt) in our system and can not be viewed or decrypted by Runn staff.
  6. We restrict staff access to production data and ensure our staff use two-factor authentication to access Runn's systems.
  7. We adhere to coding best practices and all changes to Runn's software are checked by a second developer for any potential security issues.
  8. We provide security training to all our technical staff.
  9. Runn users can delete their Runn account and all information we hold about them.
  10. Our systems are closely monitored for any suspicious activity and we automatically lock accounts that may have been compromised.
  11. You can control what your users can see and do in Runn with nuanced access permissions.
  12. We are prioritising security updates, and are releasing any security patches as soon as practical (generally within 24 hours).
  13. We are running the latest version of software whenever possible.
  14. Credit card information is held by and processed by Chargebee which provides an extra layer of security around financial information. Read their compliance regulations here.


Additional optional security

We provide the option of additional security for enterprise customers at an additional cost.

  1. Data can be stored on an isolated system that contains only a single account.
  2. Audit of our system by a 3rd party security vendor.

How can I find out more information?

If you have any questions about security and how we are keeping your data safe, please reach out via the in-app chat or by sending us an email to help@runn.io

How can I report a security issue?

Email security@runn.io with the issue and any related details.A team member will get back to you as soon as possible, usually within 24 hours.

Runn does not offer a bug or security bounty program at this time.