Security at RUN1T

Your business data is critical. Here's how we protect it at every layer — from encryption to infrastructure to access controls.

Encryption

  • SSL/TLS encryption on all connections (HTTPS enforced)
  • Data encrypted at rest in our database
  • Passwords hashed with bcrypt (never stored in plain text)
  • API keys and secrets stored in encrypted environment variables

Authentication & Access

  • Authentication powered by Clerk (SOC 2 compliant)
  • Role-based access control on all protected routes
  • Session tokens with automatic expiration
  • All dashboard, POS, and admin routes require authentication

Infrastructure

  • Hosted on Vercel — enterprise-grade edge network
  • Database on Supabase — SOC 2 Type II certified, encrypted backups
  • Row-level security (RLS) policies enforce data isolation
  • Automatic failover and redundancy

Security Headers

  • Strict-Transport-Security (HSTS) enforced
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY (prevents clickjacking)
  • Referrer-Policy: strict-origin-when-cross-origin
  • Content-Security-Policy configured per deployment

Data Privacy

  • Your data is yours — we never sell or share it
  • Data export available on request
  • 30-day data retention after account termination
  • Full privacy policy available at /privacy

Ongoing Practices

  • Dependencies audited and updated regularly
  • Security patches applied within 48 hours of disclosure
  • Protected routes excluded from public sitemap and search indexing
  • API endpoints validate input and reject malformed requests

Have a security concern?

If you discover a vulnerability or have a security question, contact us immediately at hello@run1t.com.