Security Practices
Encryption in Transit & at Rest
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data stored in our databases is encrypted at rest using AES-256.
Access Controls
Access to production systems is restricted to authorised personnel using multi-factor authentication and role-based access controls. All access is logged and audited.
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II certification. We apply security patches promptly and conduct regular vulnerability assessments.
Application Security
We follow OWASP secure development guidelines, conduct code reviews, and perform periodic security testing. Authentication uses industry-standard OAuth 2.0 protocols.
Incident Response
We maintain a documented incident response plan. In the event of a confirmed data breach affecting your personal information, we will notify affected users within 72 hours.
Data Minimisation
We collect only the data necessary to provide the Services. Assessment responses are used solely to generate your risk report and are not shared with third parties for commercial purposes.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a potential security issue in our platform, we encourage you to report it to us responsibly. We commit to:
- Acknowledge your report within 2 business days
- Investigate and provide an update within 10 business days
- Not pursue legal action against researchers who act in good faith
- Credit researchers in our security acknowledgements (if desired)
Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. Do not access, modify, or delete data that does not belong to you.
Security Contact
TrustCyber Security Team
Email: [email protected]
For urgent security incidents, include "URGENT" in the subject line.