Security & Compliance

Treno takes security seriously. All customer data is covered by the highest security standards.

Security is our priority.

Data Security

Data and connections to Treno are secure. Data is encrypted at rest, analytics are encrypted in transit with either TLS or HTTPS, and all connections with the Treno application are encrypted using SSL.

Application Security

We develop our application following best practices like OWASP for Golang. We manage access to protected information assets and system changes. Treno employees undergo education on secure product development, testing, and deployment. We perform internal and external penetration testing. 

Secure Development Process

We develop code via a documented SDLC process including how code is tested, reviewed, and promoted to production. Our multi-reviewed, industry-leading process includes reviews before code is committed to the master branch, automated functional and unit testing, application security testing, license management testing, and dependency scanning. 

Corporate Security Standards

We ensure security policies are maintained, communicated, and followed. Contractors and employees must pass a background check, sign confidentiality agreements, complete routine security training, and confirm adherence to corporate security policies.

Privacy

Protecting the privacy of the critical business and personal information entrusted to us is a top priority. Data access is provided on a need-to-know basis, based on the principle of least privilege. Customers may configure data retention duration, and customer data is purged from Treno’s systems after contract end. 

Compliance

Treno undergoes a SOC 2 Type II examination annually. 

Compliance & Certifications

SOC 2 Type II

SOC 2 Type II Certification

Treno undergoes an annual SOC 2 Type II examination of our security controls against the AICPA-defined standards, conducted by a third-party audit firm, to ensure the security of our platform and its supporting infrastructure.

SOC 2 Monitored by Drata

Continuous, automated monitoring of the compliance status of company assets by Drata.
