Security at Trustpage

• CCPA

  Trustpage is fully committed to the California Consumer Privacy Act (CCPA). The CCPA is a law that allows any California consumer to request all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. If you wish to request your information that Trustpage has collected from you, please submit your request to support@trustpage.com.

• GDPR

  Trustpage is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation allows EU citizens to request all the information a company has saved on them, in addition to requesting that all personal information is removed from a company's systems and any subprocessors who have handled their data. If you wish to request your information that Trustpage, and its subprocessors, have collected from you, please submit your request to support@trustpage.com.

• Google SSO

  Google SSO enables Gmail and G Suite users to sign in to other applications such as Trustpage using their Google account. SSO simplifies the management of passwords and identity, helping improve security by reducing the potential for stolen passwords among other attacks.

• Data Encrypted At-Rest

  Trustpage data is hosted at Heroku, a Salesforce Company. All data is encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html.

• Data Encrypted In-Transit

  Trustpage uses HTTPS for all applications and SSL for all database connections to protect sensitive data transmitted to and from applications.

• Privacy Policy
  Privacy Policy

  Your privacy is important to us. It is Trustpage's policy to respect your privacy regarding any information we may collect from you across our website. Trustpage only collects data that we need and only retains it for as long as necessary. Trustpage does not share any personally identifying information publicly or with third-parties, except when required to by law.

• Data Breach Notification

  In the event of unauthorized access to data, Trustpage will notify its customers and other affected parties about the breach within 24 hours, or as required by law, as well as take specific steps to remedy the situation to prevent future incidents.

• Status Page
  Status Page

  Trustpage's system availability can be viewed in real-time.

• Employee Workstations Automatically Locked

  Trustpage uses Fleetsmith for device management. Employee devices automatically lock after a period of inactivity and immediately requires a password to unlock.

• Employee Workstations Encrypted

• Business Continuity Plan
• Data Backups

  Trustpage has automated data backups that run daily to protect against data loss.

• FISMA - Moderate - Data Center
• ISO 27001 - Data Center
• PCI-DSS - Level 1 - Data Center
• SOC 2 Type II - Data Center
• Sarbanes-Oxley (SOX) - Data Center

• Name

  Purpose

  Location

  Auth0

  Authentication and authorization

  USA

  Fastly

  DNS and Hosting provider

  USA

  Heroku

  Hosting

  USA

  SendGrid

  Email service provider

  USA

If you believe you've discovered a security-related issue, please contact us at security@trustpage.com.