We're empowering leading investment managers to prioritize people over paperwork and realize the full potential of their investor relationships.
The data we collect can be extremely sensitive. These are some of the things we do to protect you and your data.
Get access to our security documentation, including our SOC2 report, data security policies, and more on our security portal.
All data is encrypted at rest using AES256 or better and in transit using TLS1.2+.
Passthrough supports 2-factor authentication. Learn how to enable it on your account.
Passthrough undergoes annual SOC 2 audits to verify the privacy and security of our information systems and internal controls.
Passthrough hires third parties to simulate cyber attacks on our systems to proactively search for vulnerabilities.
Passthrough uses Google Cloud for our backend infrastructure. Google Cloud is a market leader in security and are compliant with all of the relevant data industry standards, including ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and AICPA SOC.
Compromised credentials are the #1 attack vector in the industry. By default, Passthrough will not ask you to create yet-another password. Instead, we authenticate you through your email with a short-lived expiring sign-in link.
Passthrough is built from the ground up with a secure-by-design architecture. All of our services are containerized and executed by Google's fully-managed serverless architecture using multiple layers of isolation. This means we do not maintain servers or even virtual machines for attackers to target.
Our team follows robust internal controls which we've arrived at in collaboration with our compliance partners. You can contact security@passthrough.com for additional documentation or to report a security incident.
Your Privacy Choices