Enterprise-grade security you can trust

Not only do we build world-class features, but we are also SOC 2, Type-2 compliant. We built our platform with a laser focus on enterprise-grade reliability, security and data protection for our customers.

Security is at our core

At Terret, security is core to our business and product. It is a fundamental part of our platform and is essential to our business. As a Revenue Operations & Intelligence platform, we analyze and process sensitive data – revenue, call, and activity – for our customers. Our customers and partners trust us with their sensitive data, and we shoulder the responsibility to ensure appropriately managed security, confidentiality, and integrity of that data. We pride ourselves on our commitment to having the most robust security practices and safeguards implemented across the entire application stack and being proactive and responsive to our customers’ data security.

Exceeds compliance standards

Security-image2

End-to-end security protection

Terret is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built-in. Our team takes additional proactive measures to ensure a secure infrastructure environment. Gartner Research positions AWS in the Leaders quadrant of the new 2021 Magic Quadrant for Cloud Infrastructure & Platform Services (CIPS). For more specific details regarding AWS security, please visit AWS Security.

Annual SOC2 and Pen Tests

Terret has partnered with the independent audit firm of Dansa D’Arata Soucia LLP, which has worked with numerous fast-moving start-ups across broad industry verticals. We have been SOC2 Type 2 compliant since 2020, and we do a comprehensive annually retest of all our SOC2 security and privacy controls. In addition, we do an annual application and infrastructure penetration test. The SOC2 and pen-test reports can be shared upon request.

CSA Star level 1 self-attestation

Patch management

Ongoing internal network security audits and scanning give us an overview for quickly identifying impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in Terret infrastructure are regularly updated to the latest versions.

Furthermore, whenever a vulnerability in a product used by Terret or a high or critical vulnerability is publicly reported, prompt actions are taken to mitigate any potential risks for our customers. We apply hotfixes and patches promptly when available and/or implement pro-active mechanisms like configuration of firewalls or IDS/IPS.

We put you in control

With Terret, we are committed to providing the highest security measures to ensure your data remains safe while giving you the control you desperately need.

Granular security policies

Selectively allow or deny field access for your organization. Easily set customer expiration dates for any data fields to further protect your data.

Auditable log access

Quickly audit our security log at any time and in real-time. This level of detail puts you in control of your own data.

User consent supported

Manage consent and access to applications at the user level. Alternatively, you can centralize the decision-making process with your security administrator team.

Top security and privacy features

Everyone at Terret is committed to protecting our customers' data. That’s why we continually monitor our network security and infrastructure allowing us to identify any vulnerabilities, their severity and resolve them quickly.

Information security protected by Amazon Web Services

Deliver revenue insights in the context of sales activity data - no more switching apps.

Data security by SSO and dual-factor authentication

Terret only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, Terret never stores any user passwords in our database.

We provide your team with access control

Terret employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources they possess specific authorization. Terret makes extensive use of security groups to restrict access to minimum levels to all servers and resources.

Data encryption at rest and in motion

Terret deploys on AES256 encryption and implementations that have been validated against FIPS 140-2 protocols. TLS is used for all connections. All sensitive data is encrypted at rest and in transit across all networks.

Malicious data control practices

All SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected and not susceptible to SQL injection. Terret.ai application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.

Vulnerability management policies

Terret proactively monitors our infrastructure to identify any vulnerabilities and continuously works with security researchers to verify and address any issues. Please refer to our Vulnerability Disclosure Policy for more details.