RunwayCalRunwayCal
Security

Financial data deserves operational-grade security.

RunwayCal handles sensitive financial data with encryption, access controls, and infrastructure practices designed for trust.

Encryption at rest and in transit

All data encrypted with TLS in transit. Stripe API tokens encrypted at rest using Fernet symmetric encryption.

Role-based access controls

Team members can be assigned viewer, editor, or admin roles. Board viewers get read-only access via secure tokens.

Authentication

Supabase authentication with email + Google OAuth. Session management with automatic token refresh.

Read-only Stripe access

RunwayCal connects to Stripe via restricted API keys with read-only permissions. No write access to your Stripe account.

Multi-currency, no data export

Financial data stays within RunwayCal. 35+ currencies supported with display-only formatting.

Audit-ready exports

All exports (PDF, CSV, PPTX) are generated from your deterministic data. Board viewer links expire after 30 days.

Infrastructure

RunwayCal runs on Vercel (frontend), Railway (backend API), and MongoDB (database). All services hosted in managed cloud environments with automatic scaling, monitoring, and encrypted connections.

Your data, your control.

You can request full data deletion at any time via Settings → Account → Delete Account. This permanently removes all organization data including team, deals, treasury, scenarios, and snapshots.

Security concerns?

If you discover a security vulnerability, please contact us at security@runwaycal.com. We take every report seriously and will respond within 48 hours.

Financial clarity with operational-grade security.

Start free