Security

Security-first.
By design, not afterthought.

We handle sensitive enterprise data. That responsibility shapes every architectural decision we make. SOC 2 Type II certified, GDPR ready, and built for the security requirements of regulated industries.

SOC 2 Type II
Annually audited by independent third parties. Available to enterprise customers on request.
End-to-end encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). Zero plaintext storage of sensitive entity data.
GDPR & CCPA ready
Data residency controls, DPA available, right-to-deletion workflows, and full processing records.
Role-based access
Granular permissions, SSO with all major providers, MFA enforcement, and complete audit logs for every action.
Penetration tested
Annual penetration tests by independent security firms. Vulnerability disclosure program open to researchers.
99.9% uptime SLA
Redundant infrastructure across multiple availability zones. Real-time status at status.trust.spot.

Responsible disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it to security@trust.spot. We aim to acknowledge all reports within 24 hours and resolve critical issues within 72 hours.

Data handling

Entity data you upload is stored in encrypted form and is never used to train models, shared with other customers, or sold to third parties. You retain full ownership of your data and can export or delete it at any time.