Trust & Safety

Security

Your customers trust you with their feedback. You trust us with your data. We take that responsibility seriously — security is built into every layer of the Troots AI platform.

Last updated: March 2025

Security foundations

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Survey responses, customer data, and business credentials are never stored in plain text.

Infrastructure

Our platform runs on enterprise-grade cloud infrastructure with redundant systems, automated backups, and a 99.9% uptime SLA. Data is stored in secure, certified data centres.

Access Control

Strict role-based access controls ensure that only authorised personnel can access customer data. All internal access is logged, audited, and reviewed regularly.

Regular Audits

We conduct regular internal security audits and work with independent security researchers to identify and address vulnerabilities proactively.

Incident Response

We maintain a formal incident response plan. In the event of a confirmed breach, affected customers are notified within 72 hours with full transparency on impact and remediation.

Compliance

Troots AI is designed with privacy-by-default principles and aligns with GDPR requirements. We are committed to meeting applicable data protection regulations in every market we operate in.

Security practices

1. Survey data isolation

Each business's survey data is logically isolated. No business can access another's customer responses, analytics, or account information under any circumstances.

2. Minimal data collection

We follow a data minimisation principle — only collecting information that is strictly necessary to provide the service. We do not harvest metadata or behavioural data beyond what is needed for platform analytics.

3. Secure authentication

Business accounts are protected by multi-factor authentication options. Passwords are hashed using bcrypt. Session tokens are short-lived and invalidated on logout.

4. Dependency management

Our development team actively monitors and patches third-party dependencies. Automated vulnerability scanning runs on every deployment to catch known CVEs before they reach production.

5. Network security

Our infrastructure is protected by Web Application Firewalls (WAF), DDoS mitigation, and rate-limiting on all public endpoints. All administrative interfaces are restricted to trusted IP ranges.

6. Data backups

Customer data is backed up daily with point-in-time recovery capability. Backups are encrypted and stored in geographically separate locations from primary data.

Responsible Disclosure

We welcome and appreciate security researchers who responsibly disclose vulnerabilities. If you discover a security issue in our platform, please report it to us directly before public disclosure. We commit to acknowledging your report within 48 hours and working with you to resolve validated issues promptly.

security@trootsai.com

Have a security concern or question?

hello@trootsai.com