Enterprise-grade security
Your data security is our top priority. TrueCheck is built on a foundation of industry-leading security practices, certifications, and infrastructure.
SOC 2 Type II
Independently audited controls for security, availability, and confidentiality. Our annual SOC 2 Type II report is available to customers under NDA.
GDPR Compliant
Full compliance with the General Data Protection Regulation, including data processing agreements, data subject rights support, and EU data residency options.
HIPAA Ready
Business Associate Agreements available for healthcare customers. Our infrastructure meets the administrative, physical, and technical safeguards required by HIPAA.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys are hashed and stored securely. Verification codes are never logged in plaintext.
Data Residency
Choose where your data is processed and stored. We offer dedicated infrastructure in North America, Europe, and Asia-Pacific to meet your regulatory requirements.
Automatic Purging
Verification data, including phone numbers and OTP codes, is automatically and irrecoverably purged within 24 hours of delivery. No long-term storage of sensitive data.
Infrastructure Security
TrueCheck runs on hardened infrastructure across multiple availability zones. Our systems are deployed behind Web Application Firewalls with DDoS protection, automated threat detection, and real-time monitoring. All production access requires multi-factor authentication and is logged for audit purposes. We conduct regular penetration tests through independent security firms and operate a responsible disclosure program.
Application Security
Our development practices follow OWASP guidelines and include mandatory code reviews, static analysis, dependency scanning, and automated security testing in CI/CD pipelines. API keys are generated with cryptographically secure random values and stored using one-way hashing. We enforce rate limiting, input validation, and request signing to prevent abuse and ensure data integrity across all API endpoints.
Reporting a Vulnerability
If you discover a security vulnerability in TrueCheck, please report it responsibly by emailing security@truecheck.co. We appreciate the security research community and will acknowledge valid reports within 24 hours. We ask that you avoid accessing or modifying user data, and refrain from public disclosure until we have had a reasonable opportunity to address the issue.