TipHaus uses enterprise-grade security and regular audits to ensure you’re always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 compliant.

Section 1: Application Security

* Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.

* Independent third-party penetration, threat, and vulnerability testing.

* User access controls with single sign-on and MFA.

Section 2: Our policies are based on the following foundational principles:

* Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

* Security controls should be implemented and layered according to the principle of defense-in-depth.

* Security controls should be applied consistently across all areas of the enterprise.

* The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Section 3: Continuous Security Commitment

* Penetration Testing

We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

* Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

* Third-Party Audits

Our organization undergoes independent third-party assessments to test our security controls.

* Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well defined and documented.

* Information Security Program

We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SOC 2.

* Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.

Section 4: Data privacy

At TipHaus, data privacy is a top priority—we strive to be trustworthy stewards of all sensitive data.

* Privacy Shield

TipHaus maintains an active Privacy Shield Membership

* Regulatory compliance

TipHaus evaluates updates to regulatory and emerging frameworks continuously to evolve our program.

* Privacy Policy and DPA

View our Privacy Policy