Security and Compliance

Our Commitment

At Tranch, we uphold strong values of responsibility and integrity. We are committed to maintaining an open and honest environment, encouraging our employees and customers to communicate any concerns or violations of our policies. Our comprehensive security measures and adherence to industry standards ensure that your data is in safe hands.

For any questions, please contact [email protected] or to view our Legal & Policies here.

SOC 2 Certified

Tranch is proud to be SOC 2 Type 2 certified as of August 21, 2024. This certification demonstrates our commitment to maintaining the highest levels of security, availability, processing integrity, confidentiality, and privacy.

Our systems and controls have been thoroughly evaluated by an independent service auditor to ensure they meet the rigorous standards set by the AICPA Trust Services Criteria.

Annual Penetration Testing

In May 2024, we conducted an annual penetration test with a leading penetration testing company based on the OWASP Application Security Verification Standard (ASVS) and Web Security Testing Guide (WSTG). This test assessed the security of our web application and infrastructure, identifying potential vulnerabilities and ensuring robust protection against security threats. No critical risk vulnerabilities were found, reaffirming our commitment to secure our web application and safeguard client data. We continuously invest in advanced security technologies and methodologies to stay ahead of potential threats and ensure your data's safety.

PCI Compliance

We adhere to the Payment Card Industry Data Security Standards (PCI DSS), ensuring secure processing, storage, and transmission of credit card information. Tranch is certified as compliant under PCI DSS, significantly reducing the compliance burden for our clients. Tranch’s PayFac processor is certified as a Level 1 Service Provider, this being the highest security level available.

Our stringent security measures help protect against data breaches and ensure that our clients' financial transactions are conducted securely and reliably. We are dedicated to maintaining the highest standards of security to protect your financial information.

Active Anti-Money Laundering (AML) Policy

Tranch maintains a comprehensive AML policy to combat money laundering, terrorism financing, and other financial crimes. Our program includes customer due diligence (CDD), ongoing monitoring, and regular training for all our employees, ensuring adherence to legal and regulatory requirements across all jurisdictions where Tranch operates. Our robust AML framework helps us detect and prevent illicit activities, maintaining the integrity of our financial system. We continually update our policies to align with global standards and best practices, ensuring a proactive approach to financial crime prevention.

Privacy Policy

Our Privacy Policy sets out how Tranch is committed to protecting and respecting your privacy. Tranch’s approach to privacy covers data regulations covering the US and EU as well as the requirements for residents in Nevada and California. We employ rigorous data protection measures to ensure your personal information is handled with the utmost care. Our policy outlines the types of data we collect, how we use it, and the measures we take to keep it secure. We are dedicated to transparency and giving you control over your personal data, ensuring your privacy rights are always protected.

We provide detailed information on your rights regarding your personal data, including the right to access, correct, delete, or restrict processing of your data. Our processes are designed to make it easy for you to exercise these rights, ensuring you have full control over your information. Additionally, we explain how we use cookies and similar technologies to enhance your experience on our platform, providing clear options for managing your preferences.

Tranch also adheres to international data transfer regulations, ensuring your data is protected no matter where it is processed. We have implemented robust contractual agreements and data protection safeguards with our partners and service providers to maintain the highest standards of privacy and security. Our commitment to privacy extends to regular audits and assessments to verify our compliance with evolving legal and regulatory requirements.

Furthermore, we offer dedicated support for privacy-related inquiries and concerns at [email protected]. Our privacy team is available to assist you with any questions you may have about our data practices.

Business Continuity, and Disaster Recovery

Our robust Business Continuity and Disaster Recovery (BCDR) plans are based on the AICPA Standard for Disaster/Emergency Management and Business Continuity/Continuity of Operations. We perform annual risk assessments and regularly test our plans to ensure quick and effective responses to disruptions. Our pandemic readiness strategy, ensures our operations continue seamlessly during global health crises.