Compliance
Application and Development Security
We ensure Trunk meets industry-standard compliance.
Your code is
secure with Trunk
Your code is
secure with Trunk
Trusted by the dev teams everywhere to code, test and merge their software.
Security Overview
Your code is your IP, that’s why security and privacy are core to our design. We minimize data collection, storage, and access whenever possible. We operate using the principle of least privilege at all levels of our product and processes.
Infrastructure and Data Security
Application and Development Security
We use industry best practices to provide Trunk's services.
Corporate Security
Application and Development Security
At Trunk, we believe that good security practices start with our own team.
Application and Development Security
Application and Development Security
Our product is built with security in mind.
ComplianceWe comply with global data protection and security frameworks
SOC 2 Type I
Trunk is dedicated to the highest standards of security, availability, and confidentiality. This milestone assures our customers of the robustness of our security controls. For details on our security practices or to request a copy of our SOC 2 report, please contact us.
SOC 2 Type II
Trunk's SOC 2 Type II certification is in progress. It will be audited annually going forward.
Infrastructure and Data SecurityWe're built to secure your intellectual property
Secure Infrastructure
We host all of our data in physically secure, U.S.-based Amazon Web Services (AWS) facilities that include 24/7 on-site security and access monitoring.
Data Encryption in transit & at rest
All data sent to or from Trunk is encrypted using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS), and all customer data is encrypted using AES-256.
Access Controls
Access to customer data is limited to functions with a business requirement to do so. Access to environments that contain customer data requires a series of authentication and authorization controls, including multi-factor authentication (MFA). Trunk enforces the principles of least privilege and need-to-know for access to customer data, and access to those environments is monitored and logged for security purposes.
Data Redundancy and Backup
Trunk’s infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration and the application tier scales using load balancing technology that dynamically meets demand.
Corporate SecurityWe hold our employees to the highest standards
Security Policies and Incident Response
Trunk keeps updated security policies to address changing security needs. These policies are available to employees for training and reference on the company’s internal platform.
Onboarding and Offboarding Procedures
New hires at Trunk undergo background checks and are required to complete “Legal and Security” and annual InfoSec training. When an employee leaves, we immediately disable their access to devices, apps, and company resources through Trunk's IDM and MDM tools.
Continuous Security Training
The Security Team at Trunk regularly educates employees about new security threats and conducts phishing awareness campaigns.
Office Security
Trunk has a program to handle visitor management, office access control, and general office security.
Application and Development SecurityBuild with security in mind from the ground up
Secure Development Lifecycle
Code development is done through a documented SDLC process, and every change is tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass an internal security review before being deployed to production.
Rigorous product design and security testing
Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors. Additionally, we consistently perform threat modeling exercises to stay ahead of potential security risks.
Application monitoring and protection
All app access is logged and audited. We also use a wide variety of solutions to quickly identify and eliminate threats.
Third-party vendor security review
We ensure that all of our third-party apps and providers meet our security data protection standards before using them.
Customer Data Protection
Customer Control Over Data
Explain how customers can manage their data within Trunk.io’s platform, including data export and deletion capabilities.
Subprocessors
We ensure that all of our third-party apps and providers meet our security data protection standards before using them. See trunk.io/subprocessors for an up-to-date listing.
Privacy by Design
Your data is yours to own. Trunk does not sell our customers' user data.
Privacy Policy
See trunk.io/privacy for our latest policy.
