Your data is safe with us.
We take security seriously. Here's exactly how we protect your data and what we do to keep the platform secure.
Encryption in transit and at rest
All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. Your API keys and credentials are stored using industry-standard key management systems.
Access controls
Role-based access control (RBAC) limits who can access what within the platform. Internal access to customer data is restricted to authorised personnel only, and all access is logged.
SOC 2 Type II aligned
Our security practices align with SOC 2 Type II standards across availability, confidentiality, and security. We are working toward formal certification.
Continuous monitoring
We run 24/7 infrastructure monitoring, alerting, and anomaly detection. Automated systems flag unusual access patterns and potential threats in real time.
Vendor security
All third-party vendors (Stripe, Cloudflare, Resend) are vetted for their security practices and are bound by data processing agreements. We only use providers with strong security track records.
Data minimisation
We collect only the data necessary to provide the Service. Social data processed for intent signals is not retained beyond what is needed for signal delivery and analytics.
Incident response
We have a formal incident response plan. In the event of a data breach affecting your data, we will notify affected users within 72 hours as required by GDPR.
GDPR and CCPA compliance
We comply with GDPR (EU) and CCPA (California) requirements. Data subject requests - including access, deletion, and portability - are honoured within 30 days.
Penetration testing
We conduct annual penetration tests with third-party security firms. Findings are remediated on a priority basis. Critical vulnerabilities are patched within 24 hours of discovery.
Found a security issue?
We welcome responsible disclosure. If you've found a vulnerability in Typpout, please report it to our security team and we'll respond within 48 hours.