Security

We take the security of the platform and your personal data very seriously.

Last updated: 22 February 2024

DATA AND INFORMATION

Encryption

At Rest: Your data resides only in the production environment and is encrypted with AES-256.

In Transit: Your data is transferred between user devices and servers over a connection encrypted with up to 256-bit ciphers via TLS 1.2, using certificates from a world-class certificate provider. The cryptographic keys used to secure Trovata are protected by Amazon's Key Management Service (KMS).

Email Security with DKIM, SPF, and DMARC

To bolster the security and integrity of our email communications, we have implemented DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) on both our inbound and outbound email servers, where applicable.

By deploying DKIM, we attach a digital signature to outgoing emails, allowing the recipient to verify that the email was indeed sent from our domain and has not been tampered with; conversely, we verify the DKIM signature on messages we receive. SPF helps us prevent spammers from sending messages on behalf of our domain, and DMARC adds a further layer of verification, coupled with reporting that improves our response to email threats. Together, these protocols fortify our email systems against phishing, spoofing, and other malicious activity.
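What SPF and DMARC actually assert is visible in a domain's DNS TXT records. As an added example for this page (it is not Trovata's tooling, and the two records it parses are constructed samples rather than Trovata's real DNS data), the following Python parses both record types and reports the settings a reviewer checks first: the qualifier on SPF's trailing "all" mechanism, DMARC's p= and sp= policies, the pct= sampling rate, the alignment modes, and whether aggregate reports (rua=) are requested.

```python
import re

# Constructed sample records for illustration only; not Trovata's DNS data.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"
SAMPLE_DMARC = ("v=DMARC1; p=reject; sp=quarantine; pct=100; adkim=s; aspf=r; "
                "rua=mailto:dmarc-reports@example.net")

# optional qualifier, mechanism name, optional ':' or '/' argument
_MECHANISM = re.compile(r"([+\-~?]?)([A-Za-z0-9]+)(?:[:/](.*))?")

# What each qualifier on the trailing 'all' mechanism means for unlisted senders.
ALL_QUALIFIER_MEANING = {
    "-": "fail",      # unlisted senders are rejected outright
    "~": "softfail",  # unlisted senders are accepted but marked
    "?": "neutral",   # no assertion is made
    "+": "pass",      # anyone may send as this domain (SPF gives no protection)
}


def parse_spf(record):
    """Split an SPF TXT record into mechanisms (with qualifiers) and modifiers."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term:  # modifiers such as redirect= or exp=
            key, _, value = term.partition("=")
            modifiers[key.lower()] = value
            continue
        match = _MECHANISM.fullmatch(term)
        if match is None:
            raise ValueError(f"unparseable SPF term: {term!r}")
        qualifier, name, argument = match.groups()
        mechanisms.append({"qualifier": qualifier or "+",
                           "name": name.lower(),
                           "value": argument or ""})
    return {"mechanisms": mechanisms, "modifiers": modifiers}


def spf_default_verdict(parsed):
    """SPF result for a sender that matches none of the listed mechanisms."""
    for mech in parsed["mechanisms"]:
        if mech["name"] == "all":
            return ALL_QUALIFIER_MEANING[mech["qualifier"]]
    if "redirect" in parsed["modifiers"]:
        return "redirect:" + parsed["modifiers"]["redirect"]
    return "neutral"  # RFC 7208: no match and no 'all' mechanism is neutral


def parse_dmarc(record):
    """Parse a DMARC TXT record into a policy dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    return {
        "domain_policy": tags["p"].lower(),
        "subdomain_policy": tags.get("sp", tags["p"]).lower(),  # sp defaults to p
        "percent": int(tags.get("pct", "100")),
        "dkim_alignment": tags.get("adkim", "r").lower(),       # r = relaxed, s = strict
        "spf_alignment": tags.get("aspf", "r").lower(),
        "aggregate_reports": tags.get("rua", ""),
        "failure_reports": tags.get("ruf", ""),
    }


def dmarc_findings(policy):
    """Return the weaknesses a reviewer would flag in a parsed DMARC policy."""
    findings = []
    if policy["domain_policy"] == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy["subdomain_policy"] == "none":
        findings.append("sp=none leaves subdomains unprotected")
    if policy["percent"] < 100:
        findings.append(f"pct={policy['percent']} applies the policy to only some failing mail")
    if not policy["aggregate_reports"]:
        findings.append("no rua= address, so no aggregate reports will be received")
    return findings


if __name__ == "__main__":
    print("SPF default verdict:", spf_default_verdict(parse_spf(SAMPLE_SPF)))
    print("DMARC findings:", dmarc_findings(parse_dmarc(SAMPLE_DMARC)))
```

The parser applies the RFC defaults (sp falls back to p, pct to 100, both alignment modes to relaxed), which is what makes a record such as "v=DMARC1; p=none" look complete while providing no enforcement; the findings function surfaces exactly that.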

Backup Policy

Our backup processes ensure data and information consistency to the highest standards.

Password Hashing
Passwords are salted and hashed with SHA-512.
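Salted password hashing of the kind described above, as an added example that is not Trovata's implementation: this Python derives the digest with PBKDF2-HMAC-SHA512, stores a random per-password salt and the work factor next to the digest, and verifies with a constant-time comparison so a malformed or wrong record fails closed. The iteration count is an assumption chosen for the example, not a Trovata setting.

```python
import base64
import hashlib
import hmac
import os

# Assumption for this example: the PBKDF2 work factor. The right value depends
# on the hardware budget; it is not a figure taken from Trovata's configuration.
DEFAULT_ITERATIONS = 210_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest (base64)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "$".join([
        "pbkdf2_sha512",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2_sha512":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed instead of raising
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    # compare_digest does not short-circuit on the first differing byte
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored, iterations=DEFAULT_ITERATIONS):
    """True if the record uses a weaker work factor (or scheme) than current policy."""
    try:
        scheme, stored_iterations, _, _ = stored.split("$")
        return scheme != "pbkdf2_sha512" or int(stored_iterations) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("example passphrase")
    print(record)
    print("verify correct:", verify_password("example passphrase", record))
    print("verify wrong:  ", verify_password("example passphrasf", record))
```

Because the iteration count travels with the record, needs_rehash lets a deployment raise the work factor later and transparently upgrade each stored hash at the user's next successful login.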

Data
Your data will never leave the US.

Standards-Based Identity
We currently support SSO with multiple identity providers via SAML 2.0.

Account Verification for Non-SSO Users
Users are required to validate their accounts via a link provided in an automated e-mail.

Audit Logs

When it comes to handling financial data, accountability and transparency are indispensable. Our detailed audit logs are designed to provide a clear and comprehensive record of all actions taken within the platform, allowing such actions to be traced back to individual users and API keys.

MFA for Customer Accounts

With MFA (Multi-factor Authentication), our customers can secure their accounts with an extra level of protection, requiring users to provide a second form of authentication, such as a time-based one-time password (OTP) or text message code, in addition to their password. This helps to prevent unauthorized access.
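The time-based one-time password mentioned above is specified by RFC 6238 (TOTP), which builds on RFC 4226 (HOTP). As an added illustration that is not Trovata's own code, the following Python implements both with the standard library and a verifier that tolerates one time step of clock skew while refusing to accept an already-consumed step, so a code captured in transit cannot be replayed inside the skew window. The secret used in the test is the RFC test-vector key, not a real credential.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(at_time) // step, digits, digestmod)


def verify_totp(secret, code, at_time=None, step=30, window=1, digits=6, last_used=-1):
    """Return the time step the code matched, or None.

    Steps within +/- `window` of the current one are accepted to tolerate clock
    skew and delivery delay. Steps <= `last_used` (the step recorded at the
    user's previous success) are refused, which blocks replay of a captured
    code. Comparisons are constant-time.
    """
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // step
    for candidate in range(max(0, counter - window), counter + window + 1):
        if candidate <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test-vector secret, not a real credential
    demo_secret = b"12345678901234567890"
    now = time.time()
    code = totp(demo_secret, now)
    print("current code:", code, "-> step", verify_totp(demo_secret, code, at_time=now))
```

The caller persists the returned step as last_used for that user; without that record, a verifier that accepts a skew window also accepts the same code twice.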

INFRASTRUCTURE

Secure Infrastructure

A secure, institutional-grade Microsoft Azure environment delivering a range of protections, including firewalls, intrusion detection, and a DMZ.

Server Patching
We have an automated process that patches our virtual machines daily.

Real-Time Monitoring
We scan our infrastructure and applications periodically to detect vulnerabilities. We monitor with AWS Cloudshield and run a Web Application Firewall with AWS WAF.

Logging
We log every action performed in the system.

High Availability
Every component of our infrastructure has redundancy. We leverage AWS Availability Zones and have global redundancy in AWS.

Disaster Recovery and Business Continuity
We have tested procedures in place to guarantee our uptime and our system's availability.

Continuous Security Program
Our program includes periodic independent third-party penetration tests.

Incident Management
Security and confidentiality incidents submitted to support@trovata.io or our in-app support chat will be resolved in accordance with our established incident policy.

Reporting Service Disruption Incidents or Maintenance Windows
We use StatusPage.io to keep everyone up to date. The service offers several ways to subscribe to notifications.

Risk Management
Monthly risk assessments are performed to ensure the application is secure.

PERSONNEL

Logical Access

An employee's level of access is determined by their job position. Logical access reviews are performed periodically, and access is removed immediately once it is no longer necessary.

Multi-Factor Authentication
We enforce MFA for every employee.

Employee Asset Control
Our employees' devices are monitored in real time, with antivirus, disk encryption, automatic device blocking, and security patches.

Personnel
We run background checks and sign confidentiality agreements with all employees. We also train them in Information Security and Secure Development Practices.
