We understand that the data we collect can be extremely sensitive. These are some of the things we do to protect you and your data.
All data is encrypted at rest using AES256 or better and in transit using TLS1.2+.
Passthrough undergoes annual SOC 2 audits to verify the privacy and security of our information systems and internal controls.
Passthrough hires third parties to simulate cyber attacks on our systems to proactively search for vulnerabilities.
Passthrough uses Google Cloud for our backend infrastructure. Google Cloud is a market leader in security and are compliant with all of the relevant data industry standards, including ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and AICPA SOC.
Compromised credentials are the #1 attack vector in the industry. By default, Passthrough will not ask you to create yet-another password. Instead, we authenticate you through your email with a short-lived expiring sign-in link.
Passthrough is built from the ground up with a secure-by-design architecture. All of our services are containerized and executed by Google fully-managed serverless architecture using multiple layers of isolation. This means we do not maintain servers or even virtual machines for attackers to target.
Our team follows robust internal controls which we've arrived at in collaboration with our compliance partners. You can contact firstname.lastname@example.org for additional documentation or to report a security incident.