Trust, built into the architecture - not bolted on
Most platforms treat security and compliance as a settings page. We treat them as load-bearing walls. Every AI action is itemized and audited, every moderation decision is reviewable, every byte of your data is yours to export or erase - and when the cloud isn't an option, the whole platform runs on your own hardware, against your own models.
Moderation that scales without losing the human
Bad content doesn't wait for business hours, and neither does our moderation pipeline. An AI policy engine screens every piece of user-generated content in real time, then routes anything borderline to a human review queue instead of silently deleting it. Reviewers see the full context, make the call, and every decision is recorded.
Moderation is routed by a tier-based router that picks the cheapest effective provider for the invoking user's plan - so screening is cost-efficient without cutting corners. CSAM scanning via PhotoDNA runs at every tier, with no bypass, ever. And because thresholds are set per tenant, an enterprise customer with a stricter risk appetite isn't forced to live with everyone else's defaults. You tune what gets flagged, what gets auto-actioned, and what always needs a human.
When the platform gets a call wrong, users aren't stuck. Abuse reports let anyone flag content, and appeal requests give a creator a formal path to contest a decision - each one a tracked object with a resolution, not an email into the void.
- AI screening + human-in-the-loop - automatic triage, never a black box. Flagged items land in a review queue, not the void.
- Per-tenant policy - customize what triggers a flag, the action taken, and the escalation path for your organization.
- Fraud & abuse signals - suspicious payments, volume spikes, and anomalous access surface as risk signals before they become incidents.
Fraud and abuse, caught early
Underneath moderation sits a risk engine. Defined risk-signal types - a sudden volume spike, a payment that doesn't fit the pattern, access from somewhere unexpected - fire as structured signals the moment they're detected, and severe ones escalate to a fraud alert. Because the signals are explicit and scored, you can tune sensitivity and see why something was flagged, instead of trusting an opaque "trust score."
Your data, your rules - GDPR & KVKK first-class
Privacy here isn't an "accept all" banner. Consent is tracked per category - marketing, analytics, personalization - each with its own version history and a clean revoke trail. When a user asks for their data, the request is a first-class object: we generate the export, schedule the erasure, and notify them when it's done. Erasure does the right thing per data type - content is hard-deleted, while financial and audit records are anonymized and retained, because the law requires both.
Whether you answer to the GDPR, Turkiye's KVKK, or an internal auditor, the paperwork is already done - because the platform produces it automatically.
- Data-subject requests - formal access, portability, and erasure flows that run end-to-end, not a support ticket.
- Granular consent - opt in or out per category, with full revoke history. No more all-or-nothing toggles.
- Retention you control - per-entity retention policies so data lives exactly as long as it should, and no longer.
Zero-knowledge keys and a tamper-evident record
Bring your own provider keys and we'll route your AI calls through them - but we never see them decrypted. Credentials sit encrypted at rest in a per-tenant vault, and every single access is logged and alertable. An API key touched a dozen times in a minute? That's a signal, and the vault can act on it.
Under it all sits a hash-chained audit log: each entry is cryptographically linked to the one before it, so tampering is mathematically detectable. A nightly job re-walks the chain and raises the alarm if a single record has been altered. The same discipline runs through billing - every AI call writes exactly one immutable record with a full pricing snapshot - so the financial trail is as tamper-evident as the security one. For a bank or a regulator, that's the difference between "trust us" and "verify it yourself."
- Encrypted BYOK vault - your provider keys, encrypted at rest, never exposed in plaintext to the platform.
- Access auditing & alerts - every credential read is logged; abnormal patterns trigger alerts automatically.
- Hash-chained audit log - tamper-evident, append-only history that a nightly integrity check verifies for you.
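
A minimal sketch of the hash-chaining and re-walk described above, added here as an illustration and not taken from the platform's own code. SHA-256, the entry field names, the `GENESIS` sentinel and the `expected_head` anchor are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel "previous hash" for the first entry

def entry_hash(seq, prev_hash, event):
    """SHA-256 over a canonical encoding of sequence number, previous hash and event."""
    body = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(log, event):
    """Append an event, linking it to the hash of the entry before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev_hash, "event": event,
                "hash": entry_hash(seq, prev_hash, event)})
    return log[-1]["hash"]

def verify(log, expected_head=None):
    """Re-walk the chain. Return None if intact, else the index of the first bad entry.

    expected_head is the last hash, recorded somewhere the log writer cannot
    modify; without it, removing entries from the tail goes unnoticed.
    """
    prev_hash = GENESIS
    for i, e in enumerate(log):
        if (e["seq"] != i or e["prev"] != prev_hash
                or e["hash"] != entry_hash(e["seq"], e["prev"], e["event"])):
            return i
        prev_hash = e["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)  # chain is self-consistent but does not end where it should
    return None

def demo():
    # Constructed sample events, not real platform records.
    log = []
    for ev in ({"actor": "u1", "action": "vault.read"},
               {"actor": "u2", "action": "moderation.approve"},
               {"actor": "u1", "action": "export.create"}):
        head = append(log, ev)
    edited = [dict(e) for e in log]
    edited[1]["event"] = {"actor": "u2", "action": "moderation.reject"}
    return verify(log, head), verify(edited, head), verify(log[:2]), verify(log[:2], head)
```

A log that is rewritten from some point onward with every later hash recomputed still verifies as self-consistent, so the integrity check is only as strong as the independently stored head hash it compares against.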
When the cloud isn't an option, run it yourself
Some industries can't send data anywhere - and for them, ToRun ships as a full on-premise deployment. One command spins up the entire platform on your own hardware, inside your own network, pointed at your own local models so no prompt or document ever leaves your walls. The audit trail stays tamper-evident under your control, and your auditors can inspect the running system directly.
For the most regulated environments, a source-code license puts the platform's code in your hands - perpetual, unlimited internal seats - paired with an ongoing Platform Evolution subscription so new models, providers, and security hardening keep flowing in. A signed auto-update channel keeps you current without a migration project, and optional source-code escrow gives you continuity guarantees on top.
- Full on-prem deployment - the complete platform in your own VPC or data center, on your own models. Zero data leakage by design.
- Source-code license - perpetual code access for banks and regulated industries, with bundled architect advisory.
- Escrow & continuity - optional source escrow so your operation is protected no matter what happens upstream.
The full on-prem story - local LLMs, one-command install, licensing tiers - is on the On-Prem & Self-Hosted page.
Highlighted capabilities
- AI moderation + human review - real-time AI screening triages every post; borderline content routes to a human queue instead of disappearing.
- Per-tenant policy - set your own moderation thresholds, actions, and escalation paths. Your risk appetite, not a one-size-fits-all default.
- GDPR & KVKK requests - access, portability, and erasure as first-class flows. The export is generated and the erasure scheduled automatically.
- Granular consent - opt in or out per category, each with full version and revoke history.
- Zero-knowledge BYOK vault - your provider keys stay encrypted at rest and are never seen in plaintext. Every access is logged and alertable.
- Hash-chained audit log - a tamper-evident, append-only record. A nightly integrity check re-walks the chain and flags any alteration.
Built for the audits you hope you never have
From a startup's first compliance review to a bank's regulatory inspection, the platform is ready before the auditor walks in.