Security at prodash.ai

Encryption

• In transit: all traffic to and from prodash.ai is encrypted with TLS 1.2 or higher.
• At rest: customer data is encrypted at rest with AES-256 on managed cloud storage.

Access Control

• Production access is restricted to a small set of engineers and requires SSO with hardware-key-backed multi-factor authentication.
• Permissions follow least-privilege principles and are reviewed regularly.
• Customers control their own user roles; admins can invite, suspend, and remove team members at any time.

Infrastructure

The Service runs on top of major cloud providers in the United States. Underlying providers maintain SOC 2, ISO 27001, and other certifications. Backups are encrypted and tested regularly.

Application Security

• Code is reviewed before merging; production deploys go through an automated CI pipeline including dependency scanning.
• We follow secure-development practices aligned to the OWASP Top 10.
• Secrets are stored in a managed secrets manager — never in source control.

Monitoring & Incident Response

We log application and infrastructure events centrally and alert on suspicious activity. If we discover an incident affecting your data, we'll notify you promptly with what we know, what we're doing about it, and what you should do.

Data Handling

• You own your data. You can export it at any time.
• We delete or anonymize Customer Data within a reasonable period after account closure, unless legal obligations require longer retention.
• We do not use Customer Data to train AI models without your explicit consent.

Responsible Disclosure

If you believe you've found a vulnerability, please email no-reply@trinitycrm.io with steps to reproduce. We commit to acknowledging reports within two business days and won't take legal action against good-faith research that follows this policy.

Questions

For security questionnaires, DPAs, or other compliance documents, email no-reply@trinitycrm.io.