Back to Home

Security Policy

Last Updated: December 21, 2025

At Trimobe, we take the security of your data seriously. This Security Policy outlines the measures we implement to protect your information and ensure the confidentiality, integrity, and availability of our services.

For questions about our security practices, please contact us at contato@trimobe.com

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using industry-standard TLS 1.3 (Transport Layer Security). This ensures that your documents, personal information, and credentials are protected from interception during transmission.

Encryption at Rest

All data stored on our servers, including uploaded documents and user information, is encrypted at rest using AES-256 encryption. This protects your data even in the unlikely event of physical server compromise.

Data Storage & Handling

Document Processing

Your uploaded documents are processed using secure AI pipelines. Documents are temporarily stored during processing and are automatically deleted after 30 days unless you choose to save them in your account.

Data Retention

  • Account information: Retained for the duration of your account plus 90 days after deletion
  • Processed documents: 30 days after upload (configurable in account settings)
  • Transaction records: 7 years (for compliance purposes)
  • System logs: 90 days

Geographic Location

Our primary data centers are located in secure facilities with redundant power, cooling, and network connectivity. We comply with data residency requirements as applicable.

Access Controls

Authentication

  • Strong password requirements enforced
  • Multi-factor authentication (MFA) available for all users
  • Session timeout after 30 minutes of inactivity
  • Account lockout after 5 failed login attempts

Employee Access

Access to customer data is restricted on a need-to-know basis. All Trimobe employees with data access:

  • Undergo background checks
  • Sign confidentiality agreements
  • Complete security training annually
  • Use multi-factor authentication for all systems
  • Access is logged and audited regularly

Infrastructure Security

Cloud Infrastructure

Our services are hosted on enterprise-grade cloud infrastructure with:

  • 99.9% uptime SLA
  • Automated backups every 6 hours
  • Geographic redundancy across multiple regions
  • DDoS protection and mitigation
  • Intrusion detection and prevention systems

Network Security

  • Firewalls configured with least-privilege access rules
  • Network segmentation to isolate sensitive systems
  • Regular vulnerability scanning and penetration testing
  • Web Application Firewall (WAF) to prevent common attacks

Application Security

  • Secure development lifecycle (SDLC) practices
  • Code reviews and automated security testing
  • Dependency scanning for known vulnerabilities
  • Regular security updates and patches

Incident Response

In the event of a security incident, we follow a structured incident response plan:

  1. Detection: Automated monitoring systems and security teams detect potential incidents
  2. Assessment: Incident severity and impact are evaluated
  3. Containment: Affected systems are isolated to prevent further damage
  4. Investigation: Root cause analysis is performed
  5. Remediation: Vulnerabilities are patched and systems restored
  6. Notification: Affected users are notified within 72 hours if personal data is compromised
  7. Post-Incident Review: Process improvements are implemented

Compliance & Certifications

Trimobe is committed to maintaining compliance with relevant data protection regulations and industry standards:

  • GDPR (General Data Protection Regulation) - EU data protection compliance
  • SOC 2 Type II - Security and availability controls (certification in progress)
  • ISO 27001 - Information security management (certification in progress)
  • CCPA (California Consumer Privacy Act) - California privacy compliance

Third-Party Services

We carefully vet all third-party service providers that process customer data. Our vendors must:

  • Demonstrate appropriate security controls
  • Sign data processing agreements
  • Comply with applicable data protection regulations
  • Undergo regular security assessments

Your Security Responsibilities

Security is a shared responsibility. To protect your account and data:

  • Use a strong, unique password for your Trimobe account
  • Enable multi-factor authentication
  • Keep your login credentials confidential
  • Log out from shared or public computers
  • Report suspicious activity immediately to contato@trimobe.com
  • Keep your contact information up to date for security notifications

Security Contact

If you discover a security vulnerability or have security concerns, please report them immediately:

Email: contato@trimobe.com

Subject Line: [SECURITY] - Brief description of the issue

We take all security reports seriously and will respond within 48 hours. We appreciate responsible disclosure and will acknowledge contributors who help us improve our security.

Policy Updates

We may update this Security Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to users via email at least 30 days before they take effect. Continued use of Trimobe services after changes become effective constitutes acceptance of the updated policy.