Secure at every level

We design everything – product features, infrastructure, internal processes – with the security of your data and money in mind.

Trusted by over 10,000 companies big and small

Our multi-layered approach

Product security

With access controls, order approvals, and account takeover prevention, you decide who sees your data.

Process security

We maintain SOC 2 Type II compliance and conduct regular penetration tests with a third party.

Infrastructure security

We protect PII with bank-level data encryption, continuous data backups, and environment segregation.

Fraud prevention

Identify and block fraudulent payouts using our built-in AI-powered toolkit and customizable controls.

Product security

  • Zero-trust architecture for sensitive data: Sensitive data, like reward links and API keys, is one-way encrypted. Even we can’t access it after it’s created.

  • Access controls: Set role-based permissions to control who can do what.

  • Login protections: Unfamiliar login attempts require an extra email verification step to confirm identity.

  • Audit logs: Admins can view and track activity in your account. Our logs serve as digital trails for security audits.

  • Single sign-on support: We support the SAML 2.0 protocol so you can authenticate users via external identity providers, including Gmail and Okta.

  • Multi-factor authentication: Require multi-factor authentication for everyone at your org.

  • Order approvals: Customize which orders require admin approval before being sent.

  • Webhook signatures: We sign webhook payloads so listeners know messages haven’t been tampered with in transit.

Process security

  • SOC 2 Type II Compliant: Ask our team to see our SOC 2 Type II reports and attestations.

  • Penetration tests: Third parties conduct penetration tests to flag any vulnerabilities. Ask our team for results.

  • Vulnerability scans: As part of SOC 2 compliance, we conduct regular scans with a leading solution that spots vulnerabilities with 99.7% accuracy.

  • Internal multi-factor authentication: Tremendous employees are required to use MFA to access our systems.

Infrastructure security

  • Environment segregation: Sandbox and production environments are segregated to maintain privacy and data integrity.

  • Data encryption: We encrypt data both at rest and in transit.

  • Continuous data backups: Our data backup and recovery system ensures your data is always safe and accessible to you.

  • DDoS protection: We use the latest technology to protect against denial-of-service attacks and maintain availability.

Fraud prevention

  • Customizable fraud controls: Set fraud control rules to flag bad actors based on IP address, country, amount redeemed, and more.

  • Identify fraudsters cycling through identities: Flag fraudsters posing as different recipients, including those using VPNs or different emails.

  • Review flagged rewards: Suspect rewards are held for your review, so you can be 150% sure it’s fraud before you block.

  • Fight fraud together: Flag known fraudsters blocked by over 10,000 other companies in the Tremendous network.
