Trust and Security

We understand that the data we collect can be extremely sensitive. These are some of the things we do to protect you and your data.


All data is encrypted at rest using AES256 or better and in transit using TLS1.2+.

2-Factor Authentication

Passthrough supports 2-factor authentication. Learn how to enable it on your account.

AICPA SOC 2 Compliant

Passthrough undergoes annual SOC 2 audits to verify the privacy and security of our information systems and internal controls.

Penetration tested

Passthrough hires third parties to simulate cyber attacks on our systems to proactively search for vulnerabilities.

Built on Google Cloud

Passthrough uses Google Cloud for our backend infrastructure. Google Cloud is a market leader in security and are compliant with all of the relevant data industry standards, including ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and AICPA SOC.


Compromised credentials are the #1 attack vector in the industry. By default, Passthrough will not ask you to create yet-another password. Instead, we authenticate you through your email with a short-lived expiring sign-in link.

Multiple layers of isolation

Passthrough is built from the ground up with a secure-by-design architecture. All of our services are containerized and executed by Google's fully-managed serverless architecture using multiple layers of isolation. This means we do not maintain servers or even virtual machines for attackers to target.

Robust internal controls

Our team follows robust internal controls which we've arrived at in collaboration with our compliance partners. You can contact for additional documentation or to report a security incident.