Secure at every level
We design everything – product features, infrastructure, internal processes – with the security of your data and money in mind.

Trusted by over 20,000 companies big and small
























































Our multi-layered approach


Product security
With access controls, order approvals, and account takeover prevention, you decide who sees your data.


Process security
We maintain SOC 2 Type II compliance and conduct regular penetration tests with a third-party.


Infrastructure security
We protect PII with bank-level data encryption, continuous data backups, and environment segregation.


Fraud prevention
Identify and block fraudulent payouts using our built-in AI-powered toolkit and customizable controls.
Product security
Zero-trust architecture for sensitive data
Sensitive data, like reward links and API keys, are one-way encrypted. Even we can’t access them after they’re created.
Access controls
Set role-based permissions to control who can do what.
Login protections
Unfamiliar login attempts require an extra email verification step to confirm identity.
Audit logs
Admins can view and track activity in your account. Our logs serve as digital trails for security audits.
Single sign-on support
We support SAML 2.0 protocol so you can authenticate users via external identity providers, including Gmail and Okta.
Multi-factor authentication
Require multi-factor authentication for everyone at your org.
Order approvals
Customize which orders require admin approval before being sent.
Webhook signatures
We sign webhook payloads so listeners know messages haven’t been tampered with in transit.
Process security
SOC 2 Type II Compliant
Reach out to your customer success manager or clients@tremendous.com to request a copy of our SOC 2 reports and attestations.
Penetration tests
Third parties conduct penetration tests to flag any vulnerabilities. Ask our team for results.
Vulnerability scans
As part of SOC 2 compliance, we conduct regular scans with a leading solution that spots vulnerabilities with 99.7% accuracy.
Internal multi-factor authentication
Tremendous employees are required to use MFA to access our systems.
Infrastructure security
Environment segregation
Sandbox and production environments are segregated to maintain privacy and data integrity.
Data encryption
We encrypt data both at rest and in transit.
Continuous data backups
Our data backup and recovery system ensures your data is always safe and accessible to you.
DDoS protection
We use the latest technology to protect against denial-of-service attacks and maintain availability.
Fraud prevention
Customizable fraud controls
Set fraud control rules to flag bad actors based on IP address, country, amount redeemed, and more.
Identify fraudsters cycling through identities
Flag fraudsters posing as different recipients, including those using VPNs or different emails.
Review flagged rewards
Suspect rewards are held for your review, so you can be 150% sure it’s fraud before you block.
Fight fraud together
Flag known fraudsters blocked by over 20,000 other companies in the Tremendous network.