Security and GDPR

Cloud-Runner is committed to keeping customer data safe and secure. If you discover a potential security issue with a Cloud-Runner service, we want to know!

If you are dealing with any European Union data through a vendor (like Cloud-Runner), then you need a contractual agreement in place with each vendor so the EU knows you’re only doing business with companies that fully comply with the General Data Protection Regulation (GDPR).


Cloud-Runner’s payment and card information is handled by Stripe, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

Cloud-Runner does not typically receive credit card data, making it compliant with Payment Card Industry Data Security Standards (PCI DSS) in most situations.

2. Vulnerability Disclosure

If you would like to report a vulnerability or have any security concerns with a Cloud-Runner product, please contact This will give us a structured way to track and respond to your concerns, usually within 24 hours.

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Once disclosures are received, we rapidly verify each vulnerability before taking the necessary steps to fix it. Once verified, we periodically send status updates as problems are fixed.

We also have an open bug bounty for critical vulnerabilities report.