Security at TridentStack
As a security company, we hold ourselves to the highest standards. We understand that you're trusting us with access to your systems, and we take that responsibility seriously.
Our Security Principles
These principles guide every decision we make about how we build and operate our platform.
Defense in Depth
Multiple layers of security controls protect your data at every level, from network to application to data storage.
Least Privilege
Access to systems and data is restricted to the minimum necessary. Our agent requests only the permissions required for its functions.
Transparency
We believe in being open about our security practices. This page documents how we protect your data and systems.
Continuous Improvement
Security is not a destination. We continuously monitor, test, and improve our security posture.
Infrastructure Security
Our infrastructure is built on AWS with security as a foundational requirement, not an afterthought.
Cloud Infrastructure
- Hosted on Amazon Web Services (AWS)
- Multi-availability zone deployment for high availability
- Automated scaling to handle demand
- Regular infrastructure security assessments
Network Security
- Web Application Firewall (WAF) protection
- DDoS mitigation
- Network segmentation between services
- Private subnets for databases and internal services
Access Controls
- Role-based access control (RBAC) for all systems
- Multi-factor authentication required for infrastructure access
- Privileged access management for production systems
- Regular access reviews and deprovisioning
Data Protection
Your data is protected with industry-standard encryption and strict access controls throughout its lifecycle.
Encryption in Transit
All data transmitted between your endpoints and our services is encrypted using TLS 1.2 or higher. Our agent communicates over encrypted gRPC channels with certificate validation.
Encryption at Rest
All customer data is encrypted at rest using AES-256 encryption. Database backups are encrypted and stored in geographically separate locations.
Data Isolation
Customer data is logically isolated at the application level. Each tenant's data is segregated and access is strictly controlled through authentication and authorization.
Data Retention
We retain your data only as long as necessary to provide services. Upon account termination, data is retained for 90 days for recovery purposes, then permanently deleted.
Agent Security
Our agent runs on your endpoints with the access it needs to manage updates and security. We've designed it with security as the top priority.
- Digitally signed binaries to prevent tampering
- Credentials stored in OS-provided secure storage (Windows DPAPI)
- Encrypted communication channels with certificate pinning
- Automatic security updates delivered through our update service
- Minimal attack surface with only required ports and services
- No collection of personal user data, passwords, or document contents
- Audit logging of all agent activities
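The transport controls named under Encryption in Transit (TLS 1.2 or higher, certificate validation on the gRPC channel) and the certificate-pinning bullet above, as an added Go example; it is not TridentStack's agent code. It assumes a hypothetical host name (agent-api.example.test), generates throwaway self-signed certificates in memory as constructed inputs, and pins the SHA-256 of the server's SubjectPublicKeyInfo inside a *tls.Config whose minimum version is TLS 1.2. All function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the hex SHA-256 of a certificate's SubjectPublicKeyInfo. Pinning the
// key rather than the whole certificate lets the server renew the certificate under
// the same key without breaking deployed agents.
func spkiPin(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:]), nil
}

// makeSelfSigned builds a constructed in-memory self-signed server certificate for a
// hypothetical host and returns it with its pin; nothing here is TridentStack's real PKI.
func makeSelfSigned(host string) (tls.Certificate, string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, "", err
	}
	pin, err := spkiPin(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pin, err
}

// verifyPinned is the check the TLS stack invokes through VerifyPeerCertificate: the
// leaf the server presented must hash to a known pin. Keeping a small set (current key
// plus a backup) allows key rotation without locking agents out.
func verifyPinned(rawCerts [][]byte, pins map[string]bool) error {
	if len(rawCerts) == 0 {
		return errors.New("server presented no certificate")
	}
	got, err := spkiPin(rawCerts[0])
	if err != nil {
		return err
	}
	if !pins[got] {
		return fmt.Errorf("SPKI pin mismatch: %s is not a known server key", got)
	}
	return nil
}

// pinnedClientConfig is the client side of the channel: TLS 1.2 as the floor and the pin
// check layered on top of ordinary chain validation against the system trust store
// (RootCAs left nil). A gRPC client would wrap this with credentials.NewTLS.
func pinnedClientConfig(host string, pins map[string]bool) *tls.Config {
	return &tls.Config{
		ServerName: host,
		MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			return verifyPinned(rawCerts, pins)
		},
	}
}

// PinDemo creates two constructed certificates for one hypothetical host, pins the first,
// and runs the config's callback against both and against an empty chain. It returns
// whether the pinned key was accepted, the other key rejected, and the empty chain rejected.
func PinDemo() (accepted, otherRejected, emptyRejected bool, err error) {
	const host = "agent-api.example.test" // hypothetical
	good, pin, err1 := makeSelfSigned(host)
	other, _, err2 := makeSelfSigned(host)
	if err = errors.Join(err1, err2); err != nil {
		return false, false, false, err
	}
	cfg := pinnedClientConfig(host, map[string]bool{pin: true})
	accepted = cfg.VerifyPeerCertificate(good.Certificate, nil) == nil
	otherRejected = cfg.VerifyPeerCertificate(other.Certificate, nil) != nil
	emptyRejected = cfg.VerifyPeerCertificate(nil, nil) != nil
	return accepted, otherRejected, emptyRejected, nil
}

func main() {
	fmt.Println(PinDemo())
}
```

Go's crypto/tls calls VerifyPeerCertificate only after the normal chain and host-name checks have passed, so the pin is an additional constraint, not a replacement for certificate validation; a client that set InsecureSkipVerify and relied on the pin alone would lose expiry and revocation checks. Pinning the SPKI hash and shipping a backup pin is what keeps routine certificate renewal and planned key rotation from bricking agents in the field.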
What the Agent Collects
Our agent collects only the information necessary to provide our services:
Application Security
Security is built into our development process from design through deployment.
Secure Development
- Security-focused code reviews for all changes
- Static code analysis and dependency scanning
- Regular dependency updates and vulnerability patching
- Secure coding guidelines and training
Authentication & Authorization
- OAuth 2.0 / OpenID Connect authentication
- Support for Microsoft and Google identity providers
- Role-based access control within the application
- API key authentication with scoped permissions
Questions About Security?
Our team is happy to answer any questions about our security practices or discuss your specific requirements.