Corunner logoCorunner

Security & Trust

Acts fast. Stays trustworthy.

Corunner is enterprise software, not a hosted assistant. Human approval is the default on high-stakes actions. Your memory belongs to you. Your data never trains shared models. This page describes how concretely.

Talk to Securitysecurity@corunner.ai
SOC 2 Type IIGDPRSSO / SAMLRole-aware accessData residencyAudit trail

A note on certifications

Built to the standards. Pre-certification, but not pre-architecture.

Corunner is engineered to the SOC 2 Type II and GDPR frameworks from day one — the controls, the architecture, and the processes described on this page are in production today. Formal third-party audits are scheduled as part of our public-launch roadmap. If you want the full architecture review now, including DPA template and questionnaire responses, email security@corunner.ai.

How Corunner stays safe

Trust by construction.

Human-in-the-loop, by default

Every action Corunner takes that touches a production system, a customer, or a person routes through an approval card with rationale and citations. Acts fast. Stays accountable.

  • Per-action approval policy, configured at onboarding
  • Rationale + sources surfaced on every proposed action
  • One-click Approve / Edit / Reject in Slack, Teams, Chat, or email
  • Auto-deny on stale context after a configurable timeout

Your memory, your control

Organizational memory is yours. Encrypted at rest with per-tenant keys. Permission-aware reads honor your existing access controls. Exportable on request.

  • Per-tenant encryption keys (AES-256 at rest)
  • Access controls inherited from source systems
  • Full export in machine-readable format
  • Per-employee redaction and right-to-be-forgotten

No training on your data

Multi-model routing across frontier and open-source models. Customer data is never used to train shared models guaranteed contractually with every model provider on the routing path.

  • Contractual no-training guarantees with every routed model
  • US-hosted inference for open-source paths
  • Model selection auditable per request
  • Routing constraints configurable for regulated workloads

Architecture

Designed so the safe path is the default path.

The Corunner architecture is opinionated about safety. Every request inherits permissions. Every action is auditable. Every model route is constrained.

Permission-aware reasoning

When Corunner reasons over your stack, it queries source systems with the actor's own credentials and access boundaries. Corunner cannot read what the operator cannot read.

Multi-model routing

Tasks are routed to the right model — frontier or open-source, US-hosted — based on sensitivity, latency, and cost. Routing decisions are auditable and configurable.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest with per-tenant keys. Customer-managed keys (CMK) supported on Enterprise.

Tenant isolation

Strict logical isolation between tenant memories, embeddings, and inference contexts. No cross-tenant prompts, no shared caches.

Continuous observability

Every Corunner action emits structured audit events to your SIEM. Real-time anomaly detection flags unusual access patterns to the admin web app.

Safe defaults

Read-only mode by default on new integrations. Write access is opt-in, scoped per connector, and surfaces in every approval card.

Compliance posture & roadmap

Where we stand, line by line.

Capabilities marked Available now are in production today. Certification frameworks marked Built to are architectural commitments engineered into the product; formal third-party audits are scheduled and progress can be shared on request.

SOC 2 Type II
Built to the framework · audit on roadmap
Engineered around the SOC 2 Trust Services Criteria security, availability, processing integrity, confidentiality, and privacy. Formal Type II audit scheduled as we approach broader GA.
GDPR
Built to comply · DPA available
Engineered with GDPR principles — purpose limitation, data minimization, transparency, and data subject rights. Data Processing Agreement template available for early customers.
SSO / SAML
Available now
Sign in is via your workspace identity — Slack, Microsoft (covers Teams), or Google (covers Google Chat / Workspace). Enterprise customers can additionally enable SAML 2.0 SSO via Okta, Azure AD, Google Workspace, or custom IdPs.
Role-aware access
Available now
Corunner inherits the permissions of the user it acts on behalf of. Never escalates.
Data residency
Available now (US) · EU on roadmap
All storage and inference run in the US region today. EU residency is on the roadmap. Custom regions on Enterprise plans after EU GA.
Audit trail
Available now · append-only
Every action — proposed, approved, edited, or rejected — is logged with full context and operator identity.

Data handling

What we keep. Where we keep it. How you delete it.

What we store

Organizational memory entries (decisions, owners, terminology, history) and minimal operational metadata. Source-system content is referenced, not duplicated, wherever possible.

Where we store it

All storage and inference run in the US region today. EU residency is on our near-term roadmap; we will notify customers ahead of opening it. Storage and inference are always co-located in the chosen region. Customer-managed keys available on Enterprise.

How long we keep it

Memory persists for the lifetime of the contract by default. Per-entry and per-employee retention policies configurable through the admin web app.

How to delete it

Single-employee redaction, per-entry deletion, and full-tenant export-and-purge are all available from the admin web app. Deletes propagate end-to-end within 30 days.

Responsible disclosure

Report a vulnerability.

Found something? We respond to coordinated disclosure within one business day. We don't pursue legal action against good-faith research.

PGP fingerprint: Available on request.

Email security@corunner.aiContact sales

Acts fast. Stays trustworthy.