Security & trust

Built so your auditors, not just your engineers, sign off.

Runback's whole job is to make AI agents verifiable — so the platform itself has to hold up to a security review. Here is exactly what protects your data, what's shipped, and what isn't yet. No marketing asterisks.

What protects your data — today

Shipped today.

Redaction before egressLive

Secrets, API keys, JWTs, emails, card numbers (Luhn-checked) and SSNs are scrubbed inside your own application process — before a trace is sent anywhere. Even your backend never sees them. Two tiers (standard / strict), custom patterns, and key allow/deny lists.

Runtime policy enforcementLive

Deterministic policy rules run as an in-process pre-hook: a violating action (e.g. an unescalated $250 refund on a disputed charge) is blocked BEFORE it executes — no network in your agent's critical path. Every block is recorded as a hash-chained, re-runnable event: proof the control fired. The same rules can first be simulated against your history before you turn them on. The gate is application-layer control: it runs inside your process. Prompt injection that gains control of the application process can bypass it; infrastructure-layer isolation requires separate defence.

Tamper-evident auditLive

Every run exports as a SHA-256 hash chain (each event hashed over the previous), with a final content digest authenticated by HMAC-SHA256. Change one byte and verification fails. The digest also covers the run's replay oracle, so the record is re-executable, not just readable. HMAC proves integrity — see the roadmap below for the non-repudiation limitation.

Append-only ledgerLive

Org-wide, hash-chained log of every run's digest, with signed checkpoints carrying a Merkle root for inclusion proofs. An auditor can verify any single run belongs to the sealed history.

Self-host — data never leavesLive

Runback is a Next.js app and a Postgres database. Run the whole thing in your own VPC; traces are written to a store you own and never touch our servers. No telemetry call-home in the self-hosted core.

OIDC single sign-onLive

Enterprise SSO via OpenID Connect (Authorization Code flow), with issuer, audience and nonce verification against the IdP's JWKS. Works with Okta, Microsoft Entra ID, Google Workspace, Auth0 and Ping. Routed per-org by email domain.

Role-based access controlLive

Four roles — owner, admin, member, viewer — enforced on every privileged route. Ownership is protected: only an owner can grant owner, and the last owner can't be removed or demoted.

Secrets stored as hashesLive

API keys and session/magic-link tokens are never stored in the clear — only a non-secret prefix plus a SHA-256 hash. Session cookies are httpOnly, Secure and SameSite=lax with a bounded lifetime.

Tenant isolationLive

Every workspace is an isolated org. All data carries an org_id and queries are scoped to the caller's org; cross-org access is rejected at the route layer. Self-hosting gives each customer a dedicated database outright.

What isn't done yet

We'd rather you read it here than find it in the review.

Disclosing limits is part of being audit-grade. These are known gaps with a plan, not surprises.

Application-level field encryption at restRoadmap

Data at rest is protected by Postgres and disk-level encryption in your VPC. Application-level field encryption (column-level or envelope encryption in the app layer) is on the roadmap — not yet shipped. For regulated environments that require it, self-hosted deployment in your own KMS-backed VPC is the current path.

Database row-level securityRoadmap

Isolation is enforced in application code today. A database-level RLS backstop is on the roadmap as defence-in-depth — no committed date. Self-hosted deployments: PostgREST exposes an anon role with SELECT on all tables; if the PostgREST proxy port is ever exposed beyond internal services, an attacker with HTTP access could read all data. The anon role's access will be narrowed to a minimal allowlist, and RLS deny-by-default policies will provide a second enforcement layer.

Session revocation and rotationRoadmap

Session cookies are valid for 30 days with no sliding expiry, no rotation on privilege changes, and no admin-initiated revocation. A future release will add per-session revocation (sign out everywhere), automatic token rotation on privilege changes, and last-seen tracking. As an interim measure: if you suspect a session is compromised, contacting support@runback.dev will allow manual deletion of the session record.

Encrypted IdP secret at restRoadmap

The OIDC client secret is stored in the app database; envelope encryption at rest is on the roadmap — no committed date.

WORM storage + external timestampingRoadmap

HMAC proves integrity, not non-repudiation. Asymmetric signing and a third-party timestamp are on the roadmap for true non-repudiation — no committed date.

Additional data-residency regionsRoadmap

The managed cloud currently resides in the United States (US); self-host keeps data in your own region. EU and AU managed regions are on the roadmap — no committed date. Enterprise self-hosted is available now in any region.

For procurement & security teams

The documents your review needs.

A short kit so your assessment doesn't start from a blank page.

Security overview & CAIQ-lite

A one-page architecture & data-handling summary and a pre-filled questionnaire covering access, encryption, data flow and sub-processors. Open the procurement kit →

DPA & terms

A Data Processing Agreement, Terms of Service and Privacy Policy ready for your legal team. DPA available on request for signature.

Self-host = shortest path

The fastest security approval is the one where nothing leaves your perimeter. Run Runback in your own VPC and most reviews get short.

We join the review

On Enterprise, we sit in your security review and answer questions directly. Start one →

Put it in front of your security team.

Self-host so nothing leaves your perimeter, or start a review with us — we'll bring the documents.

Found a vulnerability? security@runback.dev — acknowledged within two business days.