Runn takes your data security and privacy seriously
We take the protection of your personal information and data very seriously and make every effort to keep your data safe from loss, unauthorized activity, or other misuse. We use the latest software, strive to apply critical security updates within 24 hours, work with industry best practices and provide security training to our technical staff.
Runn’s security management system has been independently certified as SOC2 Type II compliant.
We continuously monitor compliance with our security policies and SOC2 security requirements using Vanta and provide public access to our real-time Monitoring and Trust Report to attest to our security posture. We can also provide a copy of our independent pentest results and SOC2 Audit Report for enterprise customers.
How Runn keeps your data secure
All data is transmitted to our systems via HTTPS encryption.
Two-factor authentication via Google login.
Runn maintains a secure cloud-based infrastructure hosted with Heroku. Our application and data is stored at their secure data centers in the Europe.
Heroku regularly undertakes third party penetration testing and vulnerability assessments. Read their full compliance regulations and certificates here.
All passwords are hashed using industry best practice (bcrypt) in our system and can not be viewed or decrypted by Runn staff.
We restrict staff access to production data and ensure our staff use two-factor authentication to access Runn's systems.
We adhere to coding best practices and all changes to Runn's software are checked by a second developer for any potential security issues.
We provide security training to all our technical staff.
Runn users can delete their Runn account and all information we hold about them.
Our systems are closely monitored for any suspicious activity and we automatically lock accounts that may have been compromised.