Built for production workloads.
Security is foundational to Runtype, not an afterthought. Here's how we protect your data and your users' data.
Encryption at Rest
All sensitive data is encrypted using AES-256-GCM. API keys, credentials, and secrets are sealed before storage.
Encryption in Transit
All connections use TLS 1.3. No plaintext data crosses the network.
Infrastructure
Hosted on Cloudflare Workers (V8 isolates) and Vercel, with PlanetScale for the database. No shared compute environments.
Authentication
Powered by Clerk with MFA support. Session tokens are short-lived and rotated automatically.
Code Execution
User-defined code runs in sandboxed V8 isolates (Cloudflare Workers) with strict memory and time limits.
Data Isolation
Each organization's data is logically isolated at the database level. No cross-tenant data access.
Protected Parameters
Tool credentials are encrypted with AES-256-GCM, hidden from the AI model, and injected automatically at execution time. The AI never sees your secrets.
Local Execution
Tools can execute locally — in the browser, on a CLI, or on-prem. Sensitive data stays in your environment while agent reasoning runs in the cloud.
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will review them immediately. Expect a response within 48 hours.