Secure at every level

We design everything – product features, infrastructure, internal processes – with the security of your data and money in mind.

Book a demo

Trusted by over 20,000 companies big and small

Ideo
Syneos
Bonusly
Prudential
MIT
Square
Visa
Ideo
Syneos
Bonusly
Prudential
MIT
Square
Visa
Ideo
Syneos
Bonusly
Prudential
MIT
Square
Visa
Ideo
Syneos
Bonusly
Prudential
MIT
Square
Visa
Gartner
Philips
Github
Google
Hyatt
Notion
UnitedWay
Gartner
Philips
Github
Google
Hyatt
Notion
UnitedWay
Gartner
Philips
Github
Google
Hyatt
Notion
UnitedWay
Gartner
Philips
Github
Google
Hyatt
Notion
UnitedWay

Our multi-layered approach

Security Icon
Security Icon Hover

Product security

With access controls, order approvals, and account takeover prevention, you decide who sees your data.

Fraud 2 Icon
Fraud 2 Icon Hover

Process security

We maintain SOC 2 Type II compliance and conduct regular penetration tests with a third-party.

Gears Icon
Gears Icon Hover

Infrastructure security

We protect PII with bank-level data encryption, continuous data backups, and environment segregation.

Warning Icon
Warning Icon Hover

Fraud prevention

Identify and block fraudulent payouts using our built-in AI-powered toolkit and customizable controls.

Product security

  • Zero-trust architecture for sensitive data

    Sensitive data, like reward links and API keys, are one-way encrypted. Even we can’t access them after they’re created.

  • Access controls

    Set role-based permissions to control who can do what.

  • Login protections

    Unfamiliar login attempts require an extra email verification step to confirm identity.

  • Audit logs

    Admins can view and track activity in your account. Our logs serve as digital trails for security audits.

  • Single sign-on support

    We support SAML 2.0 protocol so you can authenticate users via external identity providers, including Gmail and Okta.

  • Multi-factor authentication

    Require multi-factor authentication for everyone at your org.

  • Order approvals

    Customize which orders require admin approval before being sent.

  • Webhook signatures

    We sign webhook payloads so listeners know messages haven’t been tampered with in transit.

Process security

  • SOC 2 Type II Compliant

    Reach out to your customer success manager or clients@tremendous.com to request a copy of our SOC 2 reports and attestations.

  • Penetration tests

    Third parties conduct penetration tests to flag any vulnerabilities. Ask our team for results.

  • Vulnerability scans

    As part of SOC 2 compliance, we conduct regular scans with a leading solution that spots vulnerabilities with 99.7% accuracy.

  • Internal multi-factor authentication

    Tremendous employees are required to use MFA to access our systems.

Infrastructure security

  • Environment segregation

    Sandbox and production environments are segregated to maintain privacy and data integrity.

  • Data encryption

    We encrypt data both at rest and in transit.

  • Continuous data backups

    Our data backup and recovery system ensures your data is always safe and accessible to you.

  • DDoS protection

    We use the latest technology to protect against denial-of-service attacks and maintain availability.

Fraud prevention

  • Customizable fraud controls

    Set fraud control rules to flag bad actors based on IP address, country, amount redeemed, and more.

  • Identify fraudsters cycling through identities

    Flag fraudsters posing as different recipients, including those using VPNs or different emails.

  • Review flagged rewards

    Suspect rewards are held for your review, so you can be 150% sure it’s fraud before you block.

  • Fight fraud together

    Flag known fraudsters blocked by over 20,000 other companies in the Tremendous network.

Learn more