Security

Last updated: April 13, 2026

We take reasonable steps to protect Runlo and our users. This page explains how to report security concerns and what you can expect from us.

No bug bounty or rewards

Runlo does not operate a bug bounty program and does not offer rewards, bounties, or compensation of any kind for vulnerability reports, security research, or responsible disclosure submissions. That includes cash, credits, swag, public recognition, or any other benefit tied to finding or reporting issues.

If you contact us about a security issue, you should not expect payment or a formal bounty status. We may acknowledge valid reports and work to fix issues at our discretion, but we make no commitment to do so within a particular timeline.

How to report a security issue

If you believe you have found a security vulnerability affecting Runlo's website, applications, or infrastructure, email us at support@tryrunlo.com with:

• A clear description of the issue and its potential impact;
• Steps to reproduce, including URLs, request details, or screenshots where helpful;
• Your contact information so we can follow up if needed.

Please do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate. We appreciate coordinated disclosure when possible.

What we ask researchers not to do

Unless we have given you written permission in advance, do not:

• Access, modify, or delete data that does not belong to you, including other users' accounts or workspaces;
• Perform denial-of-service attacks, spam our systems, or use automated scanners in a way that degrades the Service for others;
• Use social engineering, phishing, or physical attacks against Runlo, our staff, or our users;
• Test third-party services (for example, LinkedIn, Reddit, payment providers, or model providers) through Runlo in ways that violate their terms;
• Exploit a finding beyond what is necessary to demonstrate the issue safely.

Activity that violates our Terms of Service or applicable law is not authorized, even if your intent is research.

Safe harbor (limited)

If you report a potential vulnerability in good faith, follow this page, avoid the prohibited activities above, and do not violate law or third-party rights, we will not pursue legal action against you solely for that research activity. This safe harbor does not apply if you exfiltrate data, harm users, extort us, or demand payment. We may still involve law enforcement or platform providers where appropriate.

Account and product security

You are responsible for protecting your Runlo account credentials and for reviewing AI-generated drafts before you publish or send anything on external platforms. Runlo does not post, message, or outreach on your behalf. See our Terms of Service for platform-specific risks related to lead discovery agents Eva and Leo.

Data protection

For how we collect, use, and retain personal information, see our Privacy Policy.

Contact

Security reports and questions about this page: support@tryrunlo.com