Skip to content
SECURITY

How Ruunly keeps your website trustworthy

Last updated: May 11, 2026

Every Ruunly site lives on a shared platform. When one operator abuses that to host a phishing page or spam links, it damages the trust customers place in every other Ruunly site. So we screen what gets published — automatically, before bad content stays up.

Why this matters for your business

You signed up for Ruunly to run a service business — lawn care, cleaning, pool service. You did not sign up to have your professional website live next door to someone else's scam page. Search engines, browser safe-browsing lists, and email-provider reputation systems do not always distinguish neighbors on the same platform. If a malicious tenant slips a phishing form onto a Ruunly site, the fallout — Google Safe Browsing warnings, email deliverability drops, hosting blocklists — can splash onto operators who did nothing wrong.

Our job is to make sure that does not happen to you. Content scanning is one of the ways we do it.

What we scan when a page is published

Every time a tenant publishes a page on Ruunly, an automatic background scan runs against two independent checks:

  • Text content — the rendered page text is sent to OpenAI's moderation API (omni-moderation-latest) to detect categories such as harassment, sexual content involving minors, hate speech, and content promoting violence.
  • Outbound links — every external URL on the page (up to 50 per scan) is checked against Google Web Risk for known malware, social-engineering (phishing), and unwanted-software threats. Links back to Ruunly itself are excluded.

What happens when something is flagged

If either check trips, three things happen automatically:

  • 1.The scan result is persisted to our abuse-reports table with the reason (moderation, link-reputation, or both) and the specific flagged links.
  • 2.The tenant account is marked flagged with a timestamp and reason code, which routes the next publish through a stricter manual-review path.
  • 3.Our trust & safety team gets a real-time alert with a deep-link to the page and the flag reason, so a human can decide whether to keep the page up, request changes from the tenant, or take it down.

Invisible to honest operators

If you are running a normal service business — listing your services, taking bookings, linking to your social accounts — you will never see any of this. The scan runs in the background after publish, takes seconds, and only surfaces a review queue when something actually trips a check. There is no extra step, no pre-publish form to fill out, no "please wait while we review your website" delay. Your page goes live; the scan happens in parallel.

False positives can happen — a legitimate page that mentions a sensitive topic, or links to a site that was recently flagged elsewhere. When that happens, we review and clear it, usually within a business day.

What we do not do

  • We do not scan customer PII. The content scanner runs against your published marketing pages — the public-facing copy your site visitors see. It does not run against customer records, invoices, or anything inside the operator dashboard or the customer portal.
  • We do not use your content to train AI. OpenAI's API terms specify that data sent through the moderation endpoint is not used for model training. Google Web Risk receives only the raw URL of each external link, not your page content.
  • We do not share scan results with anyone except the affected tenant and our trust & safety team. If law enforcement asks, our standard legal-process policy applies — see the privacy policy for the full process.

The bigger picture: defense in layers

Content scanning is one layer in our trust & safety stack. It sits alongside HTML sanitization (every tenant-authored block is stripped of script tags, dangerous attributes, and unsafe URLs before it is even saved), a per-tenant Content Security Policy, automatic noindex on sites that have not crossed our content-quality threshold, and a Stripe-level chargeback monitor that auto-flags any connected account exceeding a 0.5% chargeback rate.

We do not claim to catch everything. We do claim that a Ruunly site is a safer place to send your customers than the median small-business website built on a template store with no review pipeline at all.

Reporting abuse

If you encounter a Ruunly-hosted page you believe is hosting harmful content or attempting to deceive visitors, please report it. We investigate every report, usually within one business day.

Email: [email protected] — please include the URL and a brief description.

See also: Acceptable Use Policy and DMCA notice procedure.

Trust and privacy are baked in

You should not have to choose between a fast, AI-built website and the confidence that the platform behind it is taking abuse seriously. Ruunly is built so that you get both by default.

Start your free 14-day trial

No credit card to start. $19/mo after trial. Cancel anytime.