Security

Security at Trebellar

At Trebellar, data security and privacy are at the core of everything we do. Our approach to protecting your organization’s information involves comprehensive measures to ensure your data remains secure and private.

Data Security

Data in transit

All data is transferred securely using TLS 1.2.

Data at rest

All data is stored securely in GCP using AES-256 encryption.

Backups

Trebellar’s production systems and databases are securely backed up on a regular basis. We periodically conduct backup testing to ensure data is written and stored properly.

Regional redundancy

Trebellar uses GCP as its primary cloud services provider. The principal region is XX in North America, though we have built automatic failover with other regions.

Application Security

Access controls

Trebellar staff have access only to the environments required to fulfill their role. Only authorized staff members may access customer data, and additional controls may be put in place depending on customer requirements.

Testing and review

All changes to our application go through a multi-step testing and review process.

Separate environments

Trebellar maintains segregated environments for testing, staging, and production.

Security alert services

Our security and engineering teams subscribe to security alert services – any newly known vulnerabilities or exploits are promptly addressed.

Vulnerability scans

Trebellar conducts regular scans on its application, systems, and core services to identify potential risks and vulnerabilities.

Code analysis

Trebellar’s code repositories are analyzed regularly using static code analysis tools.

Product Security

Identity management

Trebellar supports user authentication via enterprise identity management and/or SSO solutions.

Multi-factor authentication

Trebellar supports MFA and rigorous password requirements.

User permissions

User roles and permissions come as part of Trebellar’s application offering, enabling authorized admin users to limit access permissions for members of their team.

No PII

As a general rule, Trebellar’s software does not ingest, process, or store personally identifiable information (PII) beyond the software user’s name and work email.

Data masking

In some instances, customers may wish to configure Trebellar’s platform to integrate with datasets containing PII, such as HRIS or badge readers. In these cases, personal information is masked using hashing to ensure that no PII is brought into Trebellar’s systems.

Privacy and compliance

We adhere to rigorous standards to comply with legal and regulatory requirements, ensuring that your data is handled responsibly.