Separate access controls are enforced at each layer of the Tremendous infrastructure. Customer data is accessible only to employees whose job functions require it. All application and user access logs are stored centrally and monitored.
Tremendous regularly undergoes internal and external network penetration tests, as well as third-party code reviews. Reviews include Keyhole Assessments, SQA Application Assessments, Automated Web Application Scanning, Network Infrastructure Assessments, External Automated Vulnerability Scanning, and Internal Automated Vulnerability Scanning.
The Tremendous API and website accept client requests only over TLS. Communication between Tremendous infrastructure and financial institutions is transmitted over encrypted tunnels.
Tremendous does not touch or store sensitive credit card data. Our third-party credit card vault, Spreedly, has undergone PCI level 1 certification. All bank data is encrypted using the Advanced Encryption Standard (AES-128-CBC).