Runback's whole job is to make AI agents verifiable — so the platform itself has to hold up to a security review. Here is exactly what protects your data, what's shipped, and what isn't yet. No marketing asterisks.
Secrets, API keys, JWTs, emails, card numbers (Luhn-checked) and SSNs are scrubbed inside your own application process — before a trace is sent anywhere. Even your backend never sees them. Two tiers (standard / strict), custom patterns, and key allow/deny lists.
Deterministic policy rules run as an in-process pre-hook: a violating action (e.g. an unescalated $250 refund on a disputed charge) is blocked BEFORE it executes — no network in your agent's critical path. Every block is recorded as a hash-chained, re-runnable event: proof the control fired. The same rules can first be simulated against your history before you turn them on. The gate is application-layer control: it runs inside your process. Prompt injection that gains control of the application process can bypass it; infrastructure-layer isolation requires separate defence.
Every run exports as a SHA-256 hash chain (each event hashed over the previous), with a final content digest authenticated by HMAC-SHA256. Change one byte and verification fails. The digest also covers the run's replay oracle, so the record is re-executable, not just readable. HMAC proves integrity — see the roadmap below for the non-repudiation limitation.
Org-wide, hash-chained log of every run's digest, with signed checkpoints carrying a Merkle root for inclusion proofs. An auditor can verify any single run belongs to the sealed history.
Runback is a Next.js app and a Postgres database. Run the whole thing in your own VPC; traces are written to a store you own and never touch our servers. No telemetry call-home in the self-hosted core.
Enterprise SSO via OpenID Connect (Authorization Code flow), with issuer, audience and nonce verification against the IdP's JWKS. Works with Okta, Microsoft Entra ID, Google Workspace, Auth0 and Ping. Routed per-org by email domain.
Four roles — owner, admin, member, viewer — enforced on every privileged route. Ownership is protected: only an owner can grant owner, and the last owner can't be removed or demoted.
API keys and session/magic-link tokens are never stored in the clear — only a non-secret prefix plus a SHA-256 hash. Session cookies are httpOnly, Secure and SameSite=lax with a bounded lifetime.
Every workspace is an isolated org. All data carries an org_id and queries are scoped to the caller's org; cross-org access is rejected at the route layer. Self-hosting gives each customer a dedicated database outright.
Disclosing limits is part of being audit-grade. These are known gaps with a plan, not surprises.
Data at rest is protected by Postgres and disk-level encryption in your VPC. Application-level field encryption (column-level or envelope encryption in the app layer) is on the roadmap — not yet shipped. For regulated environments that require it, self-hosted deployment in your own KMS-backed VPC is the current path.
Isolation is enforced in application code today. A database-level RLS backstop is on the roadmap as defence-in-depth — no committed date. Self-hosted deployments: PostgREST exposes an anon role with SELECT on all tables; if the PostgREST proxy port is ever exposed beyond internal services, an attacker with HTTP access could read all data. The anon role's access will be narrowed to a minimal allowlist, and RLS deny-by-default policies will provide a second enforcement layer.
Session cookies are valid for 30 days with no sliding expiry, no rotation on privilege changes, and no admin-initiated revocation. A future release will add per-session revocation (sign out everywhere), automatic token rotation on privilege changes, and last-seen tracking. As an interim measure: if you suspect a session is compromised, contacting support@runback.dev will allow manual deletion of the session record.
The OIDC client secret is stored in the app database; envelope encryption at rest is on the roadmap — no committed date.
HMAC proves integrity, not non-repudiation. Asymmetric signing and a third-party timestamp are on the roadmap for true non-repudiation — no committed date.
The managed cloud currently resides in the United States (US); self-host keeps data in your own region. EU and AU managed regions are on the roadmap — no committed date. Enterprise self-hosted is available now in any region.
A short kit so your assessment doesn't start from a blank page.
A one-page architecture & data-handling summary and a pre-filled questionnaire covering access, encryption, data flow and sub-processors. Open the procurement kit →
A Data Processing Agreement, Terms of Service and Privacy Policy ready for your legal team. DPA available on request for signature.
The fastest security approval is the one where nothing leaves your perimeter. Run Runback in your own VPC and most reviews get short.
On Enterprise, we sit in your security review and answer questions directly. Start one →
Self-host so nothing leaves your perimeter, or start a review with us — we'll bring the documents.
Found a vulnerability? security@runback.dev — acknowledged within two business days.