Truewind Data Security Notice

This document provides a high-level overview of Truewind's approach to data security for customers, partners, and external stakeholders. It is intended for external sharing and excludes internal-only operational details.

Data Privacy Principles

  • We follow a data minimization approach and seek to collect only the information needed to provide and support our services.
  • We limit access to customer data based on business need and job responsibilities.
  • We maintain administrative, technical, and organizational safeguards designed to protect customer data.

Data Storage and Protection

Authentication and Identity

Truewind uses managed identity and authentication services to support secure user access. Authentication systems are configured to support modern security controls such as strong passwords, multi-factor authentication, session management, and access revocation.

Authorization

Truewind uses role-based and application-level access controls to help ensure users can access only the data and functionality appropriate to their role.

Encryption

  • Data is encrypted in transit using TLS.
  • Data is encrypted at rest using industry-standard encryption mechanisms provided by our infrastructure and service providers.
  • Sensitive secrets such as tokens and keys are protected using secure storage and access controls.

Internal Access to Customer Data

Access to customer data is limited to authorized personnel with a legitimate business need, such as support, operations, security, or engineering personnel performing approved duties. Access is governed through least-privilege principles and managed review processes.

Compliance and Assurance

Truewind maintains a security and compliance program designed to support customer trust and regulatory expectations.

Our Trust Center, including security and compliance materials made available for external review, can be found here:

Security Program Overview

Hosting and Infrastructure

Truewind relies on established cloud infrastructure providers to host and operate production services. We use managed cloud services and infrastructure controls intended to support security, resilience, and operational visibility.

Access Controls

  • Access to production systems and sensitive data is governed through formal provisioning and deprovisioning processes.
  • Strong authentication measures, including multi-factor authentication, are used for access to critical systems.
  • Access is reviewed and adjusted as roles change.

Change Management

  • Code and configuration changes follow a defined release and deployment process.
  • Changes are subject to review and approval controls before production deployment.

Logging and Monitoring

Truewind maintains logging, monitoring, and alerting capabilities intended to support detection, investigation, and response to security and operational events.

Incident Response

Truewind maintains incident response processes intended to support identification, escalation, containment, remediation, and communication for security incidents.

Security Awareness

Security awareness and security responsibilities are addressed during onboarding and reinforced through ongoing training and operational practices.

Corporate Security Controls

Truewind maintains supporting controls across core business systems, including:

  • Identity and access management
  • Multi-factor authentication
  • Endpoint and device management
  • Source code and development workflow protections
  • Email and domain security controls
  • Vendor and service provider review processes

Subprocessors and Contractual Protections

Truewind works with selected third-party service providers to deliver and support its services. Where appropriate, contractual and privacy protections such as data processing terms are maintained with relevant vendors.

Data Retention

Truewind maintains data retention and deletion practices designed to align with legal, contractual, operational, and customer requirements.

Contact

For security-related questions, due diligence requests, or access to additional materials made available through our Trust Center, please contact Truewind through the appropriate customer or security contact channel.
