Trust
Security
Last updated: June 2026
Security is built into how we operate. This page summarises the controls Trenith Technologies Private Limited applies across its website, client portal, and internal systems. It is a plain description of current practice, not a certification claim.
Encryption in transit
All traffic is served over HTTPS/TLS. We enforce HSTS (with preload), a strict Content‑Security‑Policy, and automatic upgrade of insecure requests, plus standard hardening headers (X‑Frame‑Options, X‑Content‑Type‑Options, Referrer‑Policy, Permissions‑Policy).
Encryption at rest
Data stored in our managed database and object storage is encrypted at rest by the cloud platform. Sensitive client credentials submitted through our secure vault are additionally encrypted at the application layer using AES‑256‑GCM, with keys held separately in a managed secret store, so vault contents are not readable from the database alone.
Hosting & infrastructure
Our website and applications run on Vercel; our backend services, database (PostgreSQL), and file storage run on Google Cloud Platform. Secrets and keys are managed with Google Secret Manager rather than stored in code or configuration. See our sub‑processors for the full list of providers.
Access control
Internal access follows least privilege through role‑based permissions, and staff sign in with Google authentication. Client‑facing links (intake, portal, review, and vault) are access‑controlled per client and time‑/scope‑limited. Public forms use a bot challenge (Cloudflare Turnstile), spam‑trap fields, and rate limiting to reduce abuse.
Data protection & privacy
We collect only what we need and process personal data in line with our Privacy Policy, our Data Processing Agreement, and applicable law (GDPR/UK GDPR, the India DPDP Act, 2023, and others). Analytics on this site run under Google Consent Mode with storage denied by default, so no analytics or advertising cookies are set until you accept the cookie banner. Vercel product analytics load only after you accept.
Certifications & roadmap
We are not currently certified under SOC 2 or ISO 27001. We apply the controls described here as a matter of practice and can share further detail under NDA for enterprise engagements; formal certification is on our roadmap. We do not overstate our posture.
Responsible disclosure
If you believe you’ve found a vulnerability, please email security@trenith.com. We welcome good‑faith reports and will acknowledge and work with you to resolve verified issues. Please do not access or modify data that isn’t yours while testing.
Contact
Security: security@trenith.com · Privacy: privacy@trenith.com.