Tripgrid is committed to maintaining the confidentiality, integrity, and security of any personal information we access about our users.
Tripgrid stresses its privacy and security standards to guard against identity theft and provide security for your account information and other data. We constantly re-evaluate our privacy and security policies and adapt them as necessary to deal with new challenges.
- Tripgrid services are hosted in cloud service providers that are audited and certified against industry standards.
- For example, Google Cloud Platform is compliant with the PCI, HIPAA, SSAE 16, SOC 2, and SOC 3 standards, among others. A full list of certifications is available at https://cloud.google.com/security.
- Tripgrid personnel do not have physical access to the infrastructure and systems hosting customer data.
- System configuration and patching occurs through an automated process, backed by source code management for change management, tracking and review.
- Systems access is logged and tracked for auditing purposes.
- Secure destruction policies apply for all sensitive information.
- Fully documented change-management procedures are utilized.
- Monitoring solutions are utilized to prevent and eliminate attacks.
Data Security and Backups
- Sensitive information is filtered from logs.
- Login information is always sent over TLS.
- Backups and failover systems reside in different geographic locations.
- No physical backups of customer data are created (i.e. tapes or paper).
Encryption in Transit
- All private data exchanged with Tripgrid is always transmitted over TLS.
- Insecure communications with Tripgrid public services are automatically redirected to use TLS-protected endpoints.
- Known vulnerable protocols, such as SSL and some versions of TLS, are disabled. TLS 1.2 is required.
Encryption at Rest
- Network storage is provisioned as encrypted volumes.
- Items held in object storage are encrypted.
- Database storage and backups are encrypted.
Credit Card Safety
- Tripgrid does not process credit card payments.
- Tripgrid can receive some credit card information but that information is immediately encrypted with a one-way encryption key. Tripgrid can not read or use any credit card information it receives. The encrypted form is stored under a second layer of encryption (encryption at rest). Tripgrid passes the encrypted form over TLS to the merchant partner who decodes and processes it.
- Tripgrid utilizes PCI-certified vendors for credit card processing where applicable.
Reporting Security Issues
- Tripgrid takes any reports of vulnerabilities seriously. If you encounter a security issue with any Tripgrid services, please report it responsibly by contacting security@Tripgrid.com.
- It is against the Tripgrid Terms of Service to run automated security scanning tools against any Tripgrid service without prior approval.
Tripgrid complies with GDPR and CCPA standards.