How does Trustpage protect data?

We encrypt it

Data Encrypted In-Transit

Trustpage uses HTTPS for all applications and SSL for all database connections to protect sensitive data transmitted to and from applications.

Data Encrypted At-Rest

Trustpage data is hosted at Heroku, a Salesforce Company. All data is encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume.

Passwords Encrypted

Trustpage uses Auth0 for authentication. Auth0 only stores passwords for users that do not use SSO. Auth0 never stores passwords in cleartext—they are always hashed and salted securely using bcrypt.

We have a Data Protection Officer

Trustpage has implemented a set of internal policies and procedures related to data protection that all our employees must follow. Trustpage has appointed Jay Lloyd, Head of Trust, as its Data Protection Officer (DPO). As DPO, he is accountable for enforcing these policies and ensuring that data protection issues are promptly communicated to our CEO.

We backup your data

Trustpage has automated data backups that run daily to protect against data loss. Critical systems have a Recovery Point Objective (RPO) of 24 hours or less.

We limit who has access to your data

Trustpage follows the principle of least privilege when granting employees access to our systems. Access to data is limited to legitimate business needs and employees' roles. Trustpage periodically reviews employee access to ensure their access level continues to be in alignment with their role—access may be downgraded or revoked at this time. An employee's access is revoked promptly upon termination.

We store your documents securely

Trustpage utilizes secure data storage for uploaded resources. Managed keys are used to encrypt and decrypt resources stored on disk. When sharing resources, with a visitor for the first time, the user will be prompted to create an account with your Trust Center. The user must have access to the email account for whom the resource was shared. A user's access to the document can be revoked at any time through the application.

 

Please visit Trustpage's Trust Center to learn more about our security program.