Trustero follows industry best practices, applies the principle of least privilege, and encrypts all data
Trustero follows industry best practices for information security, which have been verified by 3rd-party auditors as part of our own SOC 2. Our SOC 2 report contains a wealth of knowledge about what we do, our architecture, etc. Please let us know if you'd like that report. We can share it under NDA.
For receptors specifically, we do a few things with respect to security:
- We only collect data that is useful evidence for your controls. We don't collect data that's irrelevant for governance, risk and compliance purposes.
- We follow the principle of least privilege:
  - Our receptors only have read-only access into services you use.
  - Our receptors only have permission to read data necessary for GRC purposes, when possible. For example, if the service has different access levels/scopes/permissions, we request the minimum necessary.
- All data collected is encrypted in transit and at rest.
- You can revoke our access at any time.