Security is what we do. We understand that by entrusting us with your data, you’re expecting the highest level of protection. That’s why we’ve engineered every part of our system to follow strict security principles and best practices — from infrastructure to internal processes.
At Trunc, security is foundational. We understand that by entrusting us with your data, you’re expecting the highest level of protection. That’s why we’ve engineered every part of our system to follow strict security principles and best practices — from infrastructure to internal processes.
Every Trunc customer operates in a fully isolated environment. Each client has their own dedicated database and data container, eliminating the risk of shared infrastructure or accidental data leaks. This per-customer isolation model ensures clean boundaries and maximum privacy between tenants.
All of our servers are containerized and isolated from each other to minimize attack surfaces and ensure fault containment. Strict access controls are enforced at every layer, and all systems are continuously monitored for unusual behavior or unauthorized access attempts.
Employees are granted only the minimum access necessary to perform their roles, with separated security permissions for infrastructure and servers. Access to any production environment requires multi-layered approval and is tightly controlled.
Data protection is built-in by default. All customer data is encrypted at rest and in transit using industry-standard encryption algorithms. Even in the unlikely event of unauthorized access, the data remains unreadable and protected.
Trunc does not store or process payment information on its servers. We partner with Stripe, a PCI-compliant global payments provider, to manage all billing securely. Your payment data never touches our infrastructure — ensuring an added layer of protection by offloading it to a dedicated, security-focused service.
We host our infrastructure in leading data centers that meet rigorous international compliance standards, including:
We enforce two-factor authentication (2FA) on all employee accounts to protect against unauthorized access. Role-based access controls (RBAC) and audit logging are in place to ensure accountability and traceability. Security reviews are part of our development lifecycle, and all critical paths are routinely audited.
Security at Trunc is not a checkbox — it's an ongoing commitment. We stay ahead of emerging threats through proactive monitoring, routine security audits, and by adhering to the latest security practices in infrastructure and software design.