> TRUST_CENTER

Security at RunSales

Last updated: November 26, 2025

We know you are trusting RunSales with sensitive information about your deals, customers, and conversations. This page explains, at a high level, how we think about protecting that data.

This page is for general information only. In case of any conflict or ambiguity, our Terms of Service and Privacy Policy control.

> DATA_PROTECTION

How we protect your data

We are an early-stage company, but we take data protection seriously. Today, RunSales is built on a conservative, multi-tenant architecture with the following safeguards:

>Infrastructure

  • RunSales runs on reputable cloud providers (Vercel and managed Postgres).
  • All access to the app and APIs is over HTTPS.
  • We use security headers such as Content Security Policy (CSP), HSTS, and X-Frame-Options.

>Data at rest and in transit

  • Your data is stored in a managed Postgres database which encrypts data at rest.
  • All traffic between your browser and our servers is encrypted in transit using HTTPS.

// We do not implement our own custom cryptography; we rely on well-established cloud providers and standard protocols.

>Tenant isolation

  • All deal records, chat messages, intake jobs, and artifacts are tied to a specific tenant ID.
  • Database queries are written to always filter by the current tenant.

// We regularly review new queries and endpoints to ensure they respect tenant boundaries.

>Access control (internal)

  • Access to production data is limited and logged.
  • We use strong authentication for our own accounts and tooling.
  • No third-party direct access except as necessary to provide the service.

// Today we do not yet offer customer-facing MFA or SSO configuration. Those are on our roadmap.

> AI_DATA_POLICY

AI and your data

RunSales uses third-party AI providers (for example, Anthropic Claude) to power coaching, intake, and content generation features.

--what_we_dont_do.txt
  • -Use your private deal data to train public foundation models
  • -Sell your deal data to data brokers or ad networks
++what_we_may_do.txt
  • +Use data to operate the service (analysis, content generation)
  • +Use aggregated/anonymized info to improve RunSales

Our AI providers are instructed not to use API traffic from RunSales accounts for training their public models. We also apply configuration options (such as training opt-out headers) where provided by our AI vendors.

For full details, see the Data Use and AI sections of our Privacy Policy.

> APP_CONTROLS

Application-level controls

Validation & file handling

  • Validate uploaded files for size and type before processing
  • Files stored with opaque keys, tenant-specific
  • Call transcripts and email exports kept behind authentication

Logging & audit trails

We maintain logs for security-relevant events:

> Authentication events
> File uploads/deletions
> Background job execution
> Administrative actions
> ROADMAP_ITEMS

What we don't have yet

RunSales is early. Some controls that larger, mature vendors have are not yet in place. We prefer to be explicit about that:

// Not yet implemented - on roadmap
  • Configurable MFA / 2FA inside the app
  • SSO / SAML or SCIM user provisioning
  • Formal SOC 2 or similar third-party audit
  • Public bug bounty program

// We design our architecture with these future requirements in mind.

> INCIDENT_RESPONSE

Incident response

We design the system to minimize the likelihood and impact of security incidents, but no system is perfect.

If we become aware of a security incident that affects your data, we will:

  • 01Investigate and contain the issue
  • 02Assess the impact on your account
  • 03Notify you consistent with our legal obligations
  • 04Take steps to prevent similar issues going forward

Details such as notification timelines and channels are governed by our Terms of Service and Privacy Policy.

> RESPONSIBLE_DISCLOSURE

Found a vulnerability?

If you believe you have found a security vulnerability in RunSales, we'd like to hear from you.

Contact:
security@runsales.ai

Include in your report:

  • > Description of the issue
  • > Steps to reproduce
  • > Relevant logs or screenshots

Please do not publicly disclose the issue until we've had a chance to investigate and address it.

We appreciate responsible disclosure and may, at our discretion, publicly thank security researchers who help us make RunSales safer.

Back to home