Trimtab

Trust

Security & trust

Your strategy is some of the most sensitive information your organisation has. Here's how Trimtab treats it.

Encryption

All traffic is encrypted in transit with TLS 1.2+. Data is encrypted at rest by our cloud database provider (AES-256). Secrets and API keys are stored as environment configuration, never in the codebase or client bundles.

Access control

Every workspace is isolated by tenancy checks on every query. Within a workspace, roles (owner, admin, member, guest) gate management actions; individual strategies, roadmaps and projects carry their own access lists, so sensitive work can be restricted to the people who need it. Server-side authorization runs on every request — never trust-the-client.

Authentication

Sign-in supports Google SSO, email magic links and passwords (bcrypt-hashed, never stored in plaintext). Sessions are JWT-based, signed with a rotated secret, and shared across the suite so one sign-in covers Helm, Flightpath and Snowbird.

AI & your data

AI features are powered by Anthropic's Claude models via API. Your content is sent to Anthropic only when you explicitly run an AI action, is not used to train models under Anthropic's commercial terms, and AI usage is metered per-workspace so you can audit every run.

Payments

Payments are processed by Stripe. Card details never touch Trimtab servers — we store only the Stripe customer reference and subscription state.

Data handling & deletion

You own your data. Workspace owners can export content and can request full deletion at any time via privacy@trimtab.app — we remove production data within 30 days and backups age out on a rolling window.

Subprocessors

We keep the list short: cloud hosting and Postgres (Vercel / managed Postgres), Stripe (billing), Anthropic (AI), Resend (transactional email). Each is bound by its own data-processing terms.

Roadmap

SOC 2 Type II certification, SSO/SAML for enterprise plans and configurable data residency are on our security roadmap. If your procurement process needs specific documentation, email security@trimtab.app and we'll work with you.

Questions?

Security review, DPA or questionnaire — security@trimtab.app. See also our privacy policy and terms.