Security is our priority.
Data and connections to Treno are secure. Data is encrypted at rest, analytics are encrypted in transit with either TLS or HTTPS, and all connections with the Treno application are encrypted using SSL.
We develop our application following best practices like OWASP for Golang. We manage access to protected information assets and system changes. Treno employees undergo education on secure product development, testing, and deployment. We perform internal and external penetration testing.
Secure Development Process
We develop code via a documented SDLC process that covers how code is tested, reviewed, and promoted to production. Our multi-reviewed, industry-leading process includes reviews before code is committed to the master branch, automated functional and unit testing, application security testing, license management testing, and dependency scanning.
Corporate Security Standards
We ensure security policies are maintained, communicated, and followed. Contractors and employees must pass a background check, sign confidentiality agreements, complete routine security training, and confirm adherence to corporate security policies.
Protecting the privacy of the critical business and personal information entrusted to us is a top priority. Data access is provided on a need-to-know basis, based on the principle of least privilege. Customers may configure data retention duration, and customer data is purged from Treno’s systems after contract end.
Treno undergoes a SOC 2 Type II examination annually and is EU GDPR compliant.
Compliance & Certifications
SOC 2 Type II Certification
Treno undergoes an annual SOC 2 Type II examination of our security controls against the AICPA-defined standards, conducted by a third-party audit firm, to ensure the security of our platform and its supporting infrastructure.
SOC 2 Monitored by Drata
Continuous, automated monitoring of the compliance status of company assets by Drata.
Treno is committed to ensuring ongoing compliance with the General Data Protection Regulation (GDPR) and is EU GDPR compliant.