Application and Data Security
Frequently asked questions around Trint's application and data security.
Is any sensitive personal data being processed?
Trint does not process sensitive information as a Data Controller. Any sensitive personal information uploaded by customers is processed solely in Trint’s role as a Data Processor on the customer’s behalf. Trint has no visibility into or control over this data and does not access Customer Content without prior written customer consent, unless required by local law.
What customer data is being processed?
PII as necessary for user accounts (email addresses, first name, last name). Please see Trint's Platform Privacy Policy for more information.
Does Trint have the ability to promptly delete or provide information on a specific individual on instruction from a client?
Administrators designated by the customer can monitor activity and manage users within the admin dashboard, including the removal of users from the organisation. Upon request from Enterprise customers, Trint can securely delete Customer Content and user accounts up to once per month.
Are third-party vulnerability assessments conducted on the applications processing customer data? What is the frequency of these assessments?
A thorough vulnerability assessment is performed annually by an external party.
Please describe the type of data your platform or service will store, process or transmit.
Basic PII (name, email, IP address) and uploaded Customer Content. Please see our Platform Privacy Policy for more information.
Why do you need to collect the personal data or sensitive personal data?
For the provision of user accounts. For more information, please see our Platform Privacy Policy.
Does the service allow login through a federated IDM infrastructure? Does your service support SAML or ADFS for Single Sign-On?
Yes, SAML-based SSO integrations are possible.
What assurance can you provide regarding the physical security of the data centres?
Physically, Trint stores your data in data centres owned and operated by Amazon Web Services (AWS). These data centres deliver the very highest levels of physical and infrastructure security.
Please provide an example of a written procedure that defines the process and details how the deletion of Data Subjects is performed.
Trint handles all GDPR deletion requests through internally logged support tickets, which are processed using secure tooling available to the Trint Customer Success team. Once a deletion request is received by the Trint backend, all associated user and file data is permanently removed from the database, including deletion and overwriting where applicable. In addition, all files uploaded by the user are permanently deleted via authenticated requests to the cloud provider’s API, ensuring complete removal from S3 storage.
Upon completion, confirmation of the deletion is recorded in the support ticket and can be shared with the customer upon request.
Is any customer information used in development, testing, and/or staging environments?
No, client data is kept separate from our non-production environments.
Is Two-Factor Authentication (2FA) required for remote access?
Yes, 2FA is required for remote access.
Will customer data be permanently erased from the solution, including any backup storage, when this data is deleted or the service ended?
Yes. Customer content will be permanently deleted when a secure deletion is requested, or after the service is ended. Some non-content customer PII (e.g. email, name, IP address) will be retained in the database backups for up to a year.
Are you planning to share customer data with any other third parties?
No. Media is transcoded and transcribed within Trint's infrastructure.
Is verification provided that data has been securely deleted?
Yes, via the Customer Service Manager.