Privacy Policy

Last updated: June 21, 2026

RedRun provides detection-only security testing for web apps, APIs, and AI features. This policy explains what we collect, why, who we share it with, and the choices you have. We keep it short and accurate - we'd rather say less and mean it.

01Who we are

RedRun ("RedRun", "we", "us") operates the websites redrun.app, scan.redrun.app, and app.redrun.app, and the underlying scanning service. Questions or requests: bekedil072@gmail.com.

02Information we collect

We do not intentionally collect special-category personal data, and we ask that you not submit it. The free scan can be run with just an email address for report delivery.

03How we use it

We do not sell your personal data, and we do not use it for third-party advertising.

04How scan data is handled

RedRun is detection-only. We probe to prove a vulnerability with the exact request and response, then stop - we do not exfiltrate data, escalate, or run destructive payloads. Active (intrusive) scans run only against domains you have verified you own or are authorized to test. We store the captured evidence so you can reproduce and remediate each finding.

05Service providers (subprocessors)

We share data with a small set of providers strictly to run the service:

Each provider is bound by its own data-processing terms. We may also disclose information if required by law or to protect the rights, safety, and security of RedRun and its users.

06Retention

We keep your account and scan data while your account is active and as needed to provide the service. You can delete scans, or ask us to delete your account and associated data, at any time by contacting us. We retain limited security and audit logs for a reasonable period to protect the service.

07Security

We protect data in transit with TLS, hash passwords with bcrypt, scope each user's data to their account, encrypt database backups, and restrict the scanner's network egress so it can only reach the targets you authorize. No system is perfectly secure, but security is the core of what we do and we treat our own posture accordingly.

08Your rights

Depending on where you live (e.g. the EEA/UK under GDPR, or California under the CCPA/CPRA), you may have the right to access, correct, delete, export, or object to the processing of your personal data. To exercise any of these, email bekedil072@gmail.comand we'll respond within the time required by applicable law.

09Cookies & local storage

We use browser local storage to keep you signed in (a session token). We do not use third-party advertising or cross-site tracking cookies. Any analytics we use are limited to understanding aggregate product usage.

10International transfers & children

Our providers may process data in the United States and other countries; where required, transfers rely on appropriate safeguards. RedRun is not directed to children and is not intended for anyone under 16.

11Changes

We may update this policy as the service evolves. We'll change the "last updated" date above and, for material changes, take reasonable steps to notify you.

Note:This policy was written in good faith to describe, honestly, how RedRun handles your data. RedRun is an early-stage product, so this policy hasn't been formally reviewed by legal counsel yet - we keep it current as the product evolves. If anything here is unclear, reach out.