Skip to content
RunWhen

Data Loss Prevention

This page summarizes RunWhen’s data loss prevention (DLP) posture. Detailed practices are described in related security documentation.

  • Data classification and handling — See Data Security Framework and Data Security and Privacy Policies for how we classify and protect enterprise configuration data, automation output, and metadata. Configuration data and automation output are anonymized before use by LLMs; PII and sensitive data are scrubbed via Microsoft Presidio.
  • Access control and least privilege — See Secure-By-Design Principles and Segregation of Duties. Production code and infrastructure changes require peer review and approval; access to production and to customer workspace data is restricted and audited.
  • Encryption and storage — Data in transit uses TLS; data at rest in RunWhen-managed storage is encrypted. Task output can be sent to customer-managed or RunWhen-managed encrypted storage (write-only signed URLs to GCP buckets).
  • Logging and monitoring — See Logging Controls Summary. Centralized audit logging and application-level logging support detection and response to anomalies.
  • Incident response — See Security Incident Response Procedures for how we respond to potential data incidents and notify affected users.

For materials not covered here, contact security-and-compliance@runwhen.com.