Security

At Truelist, we take the security of your data seriously. This page outlines the measures we have in place to protect your information.

SOC 2 Type II Certification

Truelist is SOC 2 Type II certified. This independent audit, conducted by a third-party auditor, verifies that our security controls operate effectively over a sustained period — not just at a single point in time. The audit covers five trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

Enterprise customers may request a copy of our SOC 2 report under NDA by contacting security@truelist.io.

Data Encryption

• In Transit: All data transmitted to and from Truelist is encrypted using TLS 1.2 or higher.
• At Rest: Data stored in our systems is encrypted at rest using industry-standard encryption.

Infrastructure

• Our services are hosted on Amazon Web Services (AWS) and OVH, leveraging their enterprise-grade security controls.
• We use isolated network environments and firewalls to protect our infrastructure.
• Access to production systems is restricted and logged.

Access Controls

• Employee access to customer data is limited to those who require it to provide support or maintain the service.
• We use strong authentication mechanisms for all internal systems.

Data Retention

• Email validation data is automatically deleted within 30 days of processing unless you choose to retain it longer.
• You can delete your data at any time through your account settings or by contacting us.
• For more details, see our Automatic Data Cleanup Policy.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@truelist.io. We appreciate responsible disclosure and will work with you to address any issues promptly.

Questions

For security-related questions, contact us at security@truelist.io.