Trust
Security & trust
Your strategy is some of the most sensitive information your organisation has. Here's how Trimtab treats it.
Encryption
All traffic is encrypted in transit with TLS 1.2+. Data is encrypted at rest by our cloud database provider (AES-256). Secrets and API keys are stored as environment configuration, never in the codebase or client bundles.
Access control
Every workspace is isolated by tenancy checks on every query. Within a workspace, roles (owner, admin, member, guest) gate management actions; individual strategies, roadmaps and projects carry their own access lists, so sensitive work can be restricted to the people who need it. Server-side authorization runs on every request — never trust-the-client.
Authentication
Sign-in supports Google SSO, email magic links and passwords (bcrypt-hashed, never stored in plaintext). Sessions are JWT-based, signed with a rotated secret, and shared across the suite so one sign-in covers Helm, Flightpath and Snowbird.
AI & your data
AI features are powered by Anthropic's Claude models via API. Your content is sent to Anthropic only when you explicitly run an AI action, is not used to train models under Anthropic's commercial terms, and AI usage is metered per-workspace so you can audit every run.
Payments
Payments are processed by Stripe. Card details never touch Trimtab servers — we store only the Stripe customer reference and subscription state.
Data handling & deletion
You own your data. Workspace owners can export content and can request full deletion at any time via privacy@trimtab.app — we remove production data within 30 days and backups age out on a rolling window.
Subprocessors
We keep the list short: cloud hosting and Postgres (Vercel / managed Postgres), Stripe (billing), Anthropic (AI), Resend (transactional email). Each is bound by its own data-processing terms.
Roadmap
SOC 2 Type II certification, SSO/SAML for enterprise plans and configurable data residency are on our security roadmap. If your procurement process needs specific documentation, email security@trimtab.app and we'll work with you.
Questions?
Security review, DPA or questionnaire — security@trimtab.app. See also our privacy policy and terms.
