Built secure, by design.
SOC 2 Type I
Independently attested, unqualified opinion.*
SOC 2 Type II
In progress.
Single-tenant by design
Every organization gets its own dedicated VM and encrypted storage volume.
Encrypted end to end
TLS 1.2+ in transit, AES-256 at rest with Azure-managed keys.
*Attested by MNP LLP, an independent CPA firm, with an unqualified opinion on control design as of January 1, 2026.
Connected on your terms
Every integration runs on permissions you grant.
Every connection is authorized by you and scoped by OAuth permissions, explicit sharing, or the API-key access level you control, and any of them can be revoked at any time.
How a connection actually works
Data handling
What Runneth does. What it never does.
Does
Does not
Only the right people, with the least access they need.
Authentication
Google OAuth 2.0 / OIDC today. SAML 2.0 on the roadmap.
Multi-factor authentication
Enforced for all internal staff and all privileged and production access.
Role-based access
Least-privilege RBAC with unique IDs and no shared accounts.
Credential hygiene
Company-wide password manager mandated, with quarterly privileged-access reviews.
The questions we get most.
How is our data encrypted?
TLS 1.2+ in transit and AES-256 at rest with Azure-managed keys; secrets in Azure Key Vault. Hosted in Microsoft Azure, Canada Central. Network protected by Azure Firewall, WAF, and Cloudflare, with per-environment virtual networks and segmentation.
Do you support SSO?
Google OAuth 2.0 / OIDC today. SAML 2.0 on the roadmap.
Is MFA enforced?
2FA can optionally be enabled on your account by an admin.
How is access controlled?
Least-privilege RBAC, unique IDs, no shared accounts; privileged access reviewed quarterly.
Where is our data hosted?
Microsoft Azure, Canada Central. Processing spans Canada and the US. PIPEDA applies.
What data does Runneth process, and how is PII handled?
No PII is handled through advertising platforms. For integrations, an authorized user in your organization connects, or asks us to connect, a third-party integration they already have access to. That integration exposes files or data to Runneth only through explicit sharing, OAuth scopes and permissions, or API-key access level. Shared data may be saved on your VM when the agent needs it to do the work, or when you direct it to be saved. Data from custom integrations is stored only on your dedicated, single-tenant storage volume attached to your organization’s own VM. That volume is encrypted at rest with Azure-managed keys, and the VM only allows access to authenticated and authorized users of your organization. Saved data is retained for the lifetime of your Motion account unless a user directs it to be deleted.
Are you SOC 2 certified?
Runneth has a SOC 2 Type I attestation with an unqualified opinion as of January 1, 2026. A Type II observation period is in progress. Report under NDA.
What is your data retention and deletion policy?
While active, saved data persists. After your account is removed, data is retained for up to 18 months and then fully deleted. You can request deletion at any time.