We take data security very seriously. We provide a multi-step, multi-level security system with complete transparency so you not only feel safe, you can see how safe your data is, anytime.
Ali Russell, Founder and CTO at Tray.io
We encrypt all our data, authentication and tokens. More details are available in this in-depth article on security at Tray.io.
All communications between your browser and Tray.io’s website are encrypted via HTTPS.
The Tray Platform offers flexible log data retention policies designed to fit your requirements.
Data held on servers are not open to the public.
Monitor sessions by IP address, location, time, browser and operating system and revoke access to prevent unauthorized access to your Tray Platform account.
Add a second layer of security to protect fraudulent access to your Tray Platform account. Read our blog to learn more about it.
Any major account action will prompt a user to re-enter her password.
To detect unusual or suspicious activity on a user's account we use technology to build intelligent models of user behavior.
Tray.io is now SOC 2 Type 2 certified, which means that the design and operating effectiveness of our service organization's system has passed a rigorous 6-month security audit. Tray.io engages in regular SOC 2 audits that are conducted by an independent, third-party auditing firm. Contact us to request the latest copy of our SOC 2 audit.
Tray.io is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018, and applies to individuals in the European Union. Please contact us to have an in-depth conversation about Tray.io’s approach to GDPR and Trust. Please also get in touch to receive our Data Processing Agreement (DPA).
Tray.io is fully compliant with HIPAA regulations in handling ePHI (electronic protected health information). We employ data minimization practices to ensure full data security. We've passed an independent, third-party HIPAA audit and are happy to sign BAAs (business associate agreements) as needed.
Tray.io is compliant with California Consumer Privacy Act (CCPA) regulations, which went into effect January 1st, 2020. CCPA applies to California residents and is enforceable for any company with revenues larger than $25 million and has more than 50,000 people or devices in their database. Please contact us to have an in-depth conversation about Tray.io’s approach to CCPA and Trust.
The Tray Platform undergoes regular penetration testing by independent third parties to ensure that our platform is secure.
We have an around-the-clock support network of engineers who work very hard to keep the Tray Platform running all of the time. We have an on-call policy for our engineers to be available just in case.
The Tray Platform has built-in automatic back-ups.
All Tray Platform infrastructure is replicated and backed up.
The Tray Platform stores snapshots of our customers’ business logic so we can revert them if necessary.