Your data is safe with us
Security is not a feature — it's the foundation of everything we build at Trumflow.
End-to-End Encryption
All data is encrypted in transit via TLS 1.3 and at rest with AES-256. API keys are never stored in plaintext.
GDPR & PIPEDA Compliant
Configurable data residency (EU or Canada). Access, portability, and deletion rights available in the dashboard. DPA available on request.
Secure Authentication
Multi-factor authentication available. OAuth2 with Google. Sessions automatically expire. JWT tokens rotated every 24 hours.
Audit Logging
All data access is logged and retained for 90 days. Automatic alerts on anomalous activity. Full audit trail for compliance.
Secure Infrastructure
Hosted on Supabase (AWS) with per-tenant data isolation. Daily encrypted backups. No data sharing between customers.
Security Testing
Systematic code reviews. Annual penetration testing. Dependencies automatically updated via Dependabot. Responsible disclosure program.
Responsible Disclosure
If you discover a security vulnerability in Trumflow, please report it responsibly. We commit to responding within 48 hours.
security@trumflow.com