Secure at every level

We design everything – product features, infrastructure, internal processes – with the security of your data and money in mind.

Trusted by over 10,000 companies big and small

With access controls, order approvals, and account takeover prevention, you decide who sees your data.

We maintain SOC 2 Type II compliance and conduct regular penetration tests with a third-party.

We protect PII with bank-level data encryption, continuous data backups, and environment segregation.

Identify and block fraudulent payouts using our built-in AI-powered toolkit and customizable controls.

Zero-trust architecture for sensitive data Sensitive data, like reward links and API keys, are one-way encrypted. Even we can’t access them after they’re created.
Access controls Set role-based permissions to control who can do what.
Login protections Unfamiliar login attempts require an extra email verification step to confirm identity.
Audit logs Admins can view and track activity in your account. Our logs serve as digital trails for security audits.
Single sign-on support We support SAML 2.0 protocol so you can authenticate users via external identity providers, including Gmail and Okta.
Multi-factor authentication Require multi-factor authentication for everyone at your org.
Order approvals Customize which orders require admin approval before being sent.
Webhook signatures We sign webhook payloads so listeners know messages haven’t been tampered with in transit.

SOC 2 Type II Compliant Ask our team to see our SOC 2 Type II reports and attestations.
Penetration tests Third parties conduct penetration tests to flag any vulnerabilities. Ask our team for results.
Vulnerability scans As part of SOC 2 compliance, we conduct regular scans with a leading solution that spots vulnerabilities with 99.7% accuracy.
Internal multi-factor authentication Tremendous employees are required to use MFA to access our systems.

Environment segregation Sandbox and production environments are segregated to maintain privacy and data integrity.
Data encryption We encrypt data both at rest and in transit.
Continuous data backups Our data backup and recovery system ensures your data is always safe and accessible to you.
DDoS protection We use the latest technology to protect against denial-of-service attacks and maintain availability.

Customizable fraud controls Set fraud control rules to flag bad actors based on IP address, country, amount redeemed, and more.
Identify fraudsters cycling through identities Flag fraudsters posing as different recipients, including those using VPNs or different emails.
Review flagged rewards Suspect rewards are held for your review, so you can be 150% sure it’s fraud before you block.
Fight fraud together Flag known fraudsters blocked by over 10,000 other companies in the Tremendous network.