Book a meeting
Compliance

Built for regulated workloads.

SOC 2 Type 2, HIPAA, and ISO 27001 Ready. On-prem and customer-managed deployment available.

Posture

Where each framework stands.

01

SOC 2 Type 2

Runlog is built to the SOC 2 Type 2 trust services criteria covering security, availability, processing integrity, confidentiality, and privacy. Controls are in place across access management, encryption, change management, incident response, and vendor risk. We are actively pursuing the formal Type 2 attestation.

02

HIPAA

Our infrastructure and operational practices are HIPAA Ready. Encryption in transit and at rest, audit logging, role-based access control, and a Business Associate Agreement is available on request for customers handling PHI.

03

ISO 27001 Ready

Our information security management system is aligned to ISO/IEC 27001 controls. Risk assessments, asset management, and continuous improvement loops follow the ISO framework end to end.

04

On-prem and customer-managed deployment

For customers who require their data and inference to never leave their own perimeter, Runlog ships an on-prem deployment built on the same Firestore and Cloud Storage primitives as our managed offering. Document IDs and content are encrypted at rest with a customer-held key, the relay runs inside the customer's VPC, and all model traffic is routed through the customer's own LLM provider account. Standard zero data retention provider terms apply for the cloud variant; in the on-prem variant nothing ever leaves the customer's infrastructure.

05

Data residency and deletion

Customer data lives in customer-isolated namespaces. Hard-delete is one click and cascades through every derived asset (chunks, embeddings, conclusions, observations). Nothing is retained after deletion.

Talk to us

Need a security questionnaire, a BAA, or a sub-processor list? We reply within one business day.

security@runlogai.com