Trust center

Security is the product.

Triago is built for the CISOs of regulated industries — and held to their standard. Every tenant. Every region. Every action.

Certifications

Compliant by construction.

SOC 2 Type II

Continuous monitoring. Latest report on request.

ISO 27001 · 27017 · 27018

Cloud + privacy controls.

HIPAA

BAA available on Enterprise.

NVIDIA AI Enterprise

Certified, supported deployment platform. Procurement trust signal for F500 and government buyers.

FedRAMP Moderate

In process. JAB pathway, sponsor named.

PCI-DSS

SAQ-D level for relevant tenants.

GDPR

EU DPA + SCCs. EU data residency.

EU AI Act

High-risk system conformity package.

ISO 42001

AI management system — pursued 2026.

Architecture

Designed for tenant isolation.

Tenant isolation

Schema-per-tenant on Enterprise. Row-level on Growth. Per-tenant KMS keys. Optional BYOK.

Data residency

US, EU, UK, AU, JP regions. Pinned-region storage and inference. No cross-region replication without consent.

Encryption

AES-256 at rest, TLS 1.3 in transit. Field-level encryption on PII. Customer-managed keys via AWS KMS or HashiCorp Vault.

Prompt-injection defense

Input sanitization, allowlisted tool surfaces, output validators, abstention on adversarial prompts. Public red-team report annually.

Audit log

Immutable, append-only, exportable to your SIEM via webhook, S3, or syslog. Every agent step. Every tool call. Every approval.

Model training

We do not train foundation models on your data. Opt-in federated fine-tuning available for Enterprise — never raw data, never cross-customer.

Responsible disclosure

Report a vulnerability.

We respond within 24 hours. Bounty via HackerOne. PGP key below.

security@triago.com
Key fingerprint: 7F4B 2A91 C0E6 D55A 9F33 8B14 2E07 6C90 1F4A 88D2

# Bug bounty
scope: api.triago.com, app.triago.com, *.triago-edge.com
rewards:
  critical: $25,000
  high: $8,000
  medium: $2,500
  low: $500