Cyber Monday: $100 OFF on PRO with the coupon CYBER100 at checkout

S

E

C

U

R

I

T

Y

Triple Session is committed to the security and privacy of our customer's data.

Our policies are based on the following foundational principles:

01.

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02.

Security controls should be implemented and layered according to the principle of defense-in-depth.

03.

Security controls should be applied consistently across all areas of the enterprise.

04.

The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security and Compliance at Triple Session

Triple Session is committed to maintaining the highest standards of security. We're in process of obtaining SOC 2 Type II certification with a target completion date of Q4 2024. Our SOC 2 Type II report is available on our Trust Center.

Data protection

Data at rest

All datastores with customer data are encrypted at rest. Sensitive collections and tables also use row-level encryption.

Data in transit

Triple Session uses TLS 1.3 or higher everywhere data is transmitted over potentially insecure networks.

Data backup

Triple Session backs-up all data using a point-in-time approach. Backups are persisted for 7 days.

Security Controls

With industry best practices, third-party auditors, and a collection of operational controls, Triple Session is committed to the safety and confidentiality of your data.

Infrastructure Security

  • Unique production database authentic...
  • Encryption key access restricted
  • Access control procedures established

Organizational Security

  • MDM system utilized
  • Production inventory maintained
  • Security awareness training implemented

Product Security

  • Data encryption utilized
  • Control self-assessments conducted
  • Data transmission encrypted

Internal Security Procedures

  • Access requests required
  • Production deployment access restricted
  • Development lifecycle established

Data and Privacy

  • Data retention procedures established
  • Customer data deleted upon leaving
  • Data classification policy established