Skip to main content
TorchRunner holds finance and operations data for multiple companies at once. We treat that responsibility as central to the product, not a checkbox. This page states our posture plainly, including what is in progress and what is not yet finished.

Data and tenancy

TorchRunner is multi-tenant with strict isolation between workspaces. Your practice’s data, and each of your clients’ data, is segregated and access-controlled. The workspace reads from sources you connect and acts only under your direction.

Security questionnaires

We maintain a completed security questionnaire and can provide it on request during evaluation. If your client’s procurement process requires a vendor security review, we are set up to support it.

SOC 2

We are progressing toward SOC 2 Type I. An observation period is underway. We will not represent TorchRunner as “SOC 2 compliant” until a report has been issued by the auditor, because that claim is only true once the report exists. We would rather tell you exactly where we are than imply more than is true.
If SOC 2 status is a gating requirement for an engagement you are bringing TorchRunner into, contact us directly. We can walk you and your client’s reviewer through the current state and timeline.

Trust Center

Our Trust Center is the single source of truth for current security documentation, subprocessors, and compliance status. It supersedes anything stated here if the two ever differ.

Reporting a concern

If you find a security issue, report it to our security contact and we will respond promptly.