Keeping your data safe
Թ is proudly SOC 2 Type 2 certified. We take a layered approach to ensure your data is always safe, secure, and available to you at all times.

Control your transparency
Թ products include robust permissions and data protection that allow for greater control over the accessibility of your data.
- Cloud-based SaaS
- Supports SSO via Microsoft and Google OAuth2.0 providers as well as SAML
- Strong access controls that include custom permission groups for controlled transparency


Encrypted Data
Our trusted infrastructure protects your data at every level.
- Data is fully encrypted in transit and at rest with RSA 256-bit encryption
- TLS 1.2 with perfect forward security ciphers and 1.3 with HSTS
Vulnerability assessment and monitoring
Թ applications are routinely checked against the Open Web Application Security Project (OWASP) top vulnerability list.
We ensure you always have access to your data with 99% uptime for Թ applications.

Թ Security and Compliance FAQ
Data Storage and Resiliency
Where is customer data for Թ Bench stored?
Թ Bench is hosted on AWS in North America. All customer data is stored in AWS in the US. More specifically: We host on the west coast across multiple Availability Zones and have Disaster Recovery infrastructure in central US.
Is customer data in Թ Bench backed up?
Yes, customer data in Թ Bench is backed up continuously and the backups are encrypted at rest. Customer data is also replicated across availability zones.
Does Թ have a Disaster Recovery and Business Continuity Plan?
Yes, Թ has a Disaster Recovery and Business Continuity Plan.
Data Retention
How long does Թ retain customer data? Can a customer request deletion of their data?
By default, we retain customer data for the duration of your contract. If a customer requests the deletion of their data, we will delete their data within 90 days unless legally prohibited. Customer data that is part of the historical data import prior to implementation will be retained only as long as needed by the implementation team and will be deleted within 100 days of collecting the data from the customer.
Security Compliance and Certifications
What security compliance/certifications does Թ have?
Թ currently has certification for SOC 2 Type 2. Թ has no other security compliance/certifications at this point in time. SOC 2 Type 2 report can be shared with a signed NDA in place.
Responsible Disclosure Policy
How can I report a security concern or vulnerability?
At Թ, we are committed to maintaining the highest level of security for our systems and data. We encourage security researchers to report any potential vulnerabilities responsibly. Please refer to our Responsible Disclosure Policy for detailed guidelines on how to submit a report.
Integrations
Is data secure moving between Թ Bench and other software?
All access to Թ REST API endpoints require an access key and are secured with TLS. This access key can be regenerated on demand by customers. Learn more about our Open API here.
Integrations with other applications are all opt-in and authenticate via OAuth or other applicable mechanisms required by the third-party application. Integrations can be disabled at any time.
Թ Employees
Are Թ employee computers secure?
It is mandatory for employee computers to have strong passwords, encrypted disks, firewalls, and, where applicable, inbound and outbound network traffic monitoring and alerting.
TALK TO AN EXPERT
Discover what Թ can do for you.
Թ gives you one clear view of projects, roles, and people—so you can plan ahead, staff smarter, and keep work moving.