GLOW MED SPA · 4.9★ · 247 REVIEWSAI REPLY GENERATED IN 0.8sQUICK FIX AUTO · 4.8★ · 189 REVIEWSRESPONSE RATE: 98%BRIGHT SMILE DENTAL · 4.7★ · 312 REVIEWSNEW REVIEW IMPORTEDSUMMIT AUTO REPAIR · 5.0★ · 88 REVIEWS+1.1★ AVG RATING INCREASERENATA MED SPA · 4.9★ · 201 REVIEWSSMS REQUEST SENTCOASTAL DENTAL · 5.0★ · 94 REVIEWSAI REPLY APPROVEDGLOW MED SPA · 4.9★ · 247 REVIEWSAI REPLY GENERATED IN 0.8sQUICK FIX AUTO · 4.8★ · 189 REVIEWSRESPONSE RATE: 98%BRIGHT SMILE DENTAL · 4.7★ · 312 REVIEWSNEW REVIEW IMPORTEDSUMMIT AUTO REPAIR · 5.0★ · 88 REVIEWS+1.1★ AVG RATING INCREASERENATA MED SPA · 4.9★ · 201 REVIEWSSMS REQUEST SENTCOASTAL DENTAL · 5.0★ · 94 REVIEWSAI REPLY APPROVED
Security

Your data is your business.
We treat it that way.

TrustMetric is built on industry-leading infrastructure with security-first defaults throughout. Here's exactly how we protect your business data.

How We Protect You
6 PILLARS

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and secrets are stored using industry-standard secret management — never in plaintext.

Access Controls

Production system access is restricted to essential personnel only, protected by multi-factor authentication, and audited on a rolling basis.

Infrastructure

TrustMetric runs on Vercel and Supabase — both SOC 2 Type II certified providers. Your data lives in isolated, access-controlled environments.

Authentication

User authentication is handled by Clerk — a dedicated auth provider with industry-leading security, MFA support, and attack protection built in.

Incident Response

In the event of a security incident, we notify affected users within 72 hours, take immediate containment steps, and publish a post-mortem.

Regular Audits

We conduct regular dependency audits, penetration testing, and security reviews. Critical vulnerabilities are patched within 24 hours of discovery.

Infrastructure
CERTIFIED PROVIDERS

We don't build security from scratch — we stand on the shoulders of providers who have dedicated security teams and third-party certifications.

Clerk
Authentication
SOC 2 Type II
Supabase
Database
SOC 2 Type II
Vercel
Hosting
SOC 2 Type II
Stripe
Payments
PCI DSS Level 1
Twilio
SMS
ISO 27001
Anthropic
AI Processing
SOC 2 Type II
FAQ
SECURITY QUESTIONS

Can TrustMetric employees read my reviews or responses?

Access to customer data is restricted to essential engineering personnel for debugging purposes only, and is logged and audited. We do not read your data for any other purpose.

Where is my data stored?

Your data is stored in Supabase's managed PostgreSQL infrastructure, hosted on AWS in the US East region. Backups are encrypted and retained for 30 days.

What happens to my data if I cancel?

Your data is permanently deleted within 30 days of account deletion. Encrypted backups are purged within 90 days. We provide a data export before deletion on request.

How are my Google credentials stored?

We do not store your Google credentials. We use read-only Google Places API access with your Place ID. No OAuth tokens or passwords are retained.

Is TrustMetric GDPR compliant?

Yes. We support all GDPR rights including access, correction, deletion, and portability. Contact privacy@trustmetric.io to exercise your rights.

How do I report a vulnerability?

Email security@trustmetric.io with details. We take all reports seriously and respond within 24 hours. Responsible disclosure is always appreciated.

Responsible Disclosure

Found a vulnerability?

We take all security reports seriously. Email us at security@trustmetric.io with a detailed description. We respond within 24 hours and will work with you on responsible disclosure.

Report a Vulnerability →

Security questions? security@trustmetric.io

Privacy Policy →Terms →