Data Security
      Back to home
      1. Truv Help Center
      2. Security and Compliance
      3. Data Security

      How does Truv ensure the security of user data?

      At Truv, the security and privacy of user data are our top priorities. We have implemented several measures to ensure the safety of data during the verification process. Here's how we protect your data:

      1. SOC2 Type II Certification

      Truv is SOC2 Type II certified, which means we’ve passed a rigorous audit to ensure we’re securely managing your data. This certification verifies that we meet strict standards for protecting the privacy and security of sensitive data.

      • Key features:
        • Multi-factor authentication (MFA) for critical systems
        • Encryption for all sensitive data
        • Regular audits of our processes and controls

      This certification is renewed annually to ensure we maintain the highest security standards.

      2. Continuous Monitoring and Testing

      To maintain a strong security posture, Truv uses Vanta, a tool that automates monitoring and tracks our compliance controls. It helps us track:

      • Employee security training
      • Regular penetration testing
      • Reporting of security vulnerabilities

      If you encounter any security issues, you can report them to security@truv.com, and we’ll respond promptly.

      3. Controlled Data Access

      At Truv, we limit access to sensitive data based on need-to-know principles. Only authorized personnel can view your data, and this access is logged for transparency.

      • Key practices:
        • Data access is granted for 24 hours and is revoked automatically afterward.
        • Encryption protects all sensitive information, ensuring that data is unreadable without proper authorization.

      4. Data Storage and Backup

      Truv stores data in the cloud, primarily using Amazon Web Services (AWS) for infrastructure and storage. To ensure data availability, we use multi-region backups. In case of an issue in one region, we can restore data quickly within 24 hours.

      • Key points:
        • All data is encrypted during storage.
        • Aggregated, non-personally identifiable data is stored for analysis and quality improvements.

      5. Data Retention and Management

      We offer customizable retention policies for enterprise clients. You can set how long we store your data or request its deletion via an API.

      Conclusion

      Truv prioritizes data security at every stage, from our SOC2 Type II certification to continuous monitoring and strict access controls. If you need further information or would like to request our SOC2 Type II report, don’t hesitate to reach out to us.

      Your data is in safe hands with Truv!