Data Protection
Multiple layers of encryption and security controls protect your data at every stage.
Encryption at Rest
All data is encrypted at rest using AES-256 encryption. Encryption keys are managed securely and rotated regularly.
Encryption in Transit
All communications use TLS 1.3 encryption. We enforce HTTPS for all connections and use certificate pinning for critical APIs.
Token Security
OAuth tokens are encrypted with per-organization keys. We never store your Microsoft credentials, only delegated OAuth tokens with minimal scopes.
Secure Storage
Data is stored in EU data centers (Frankfurt, Germany) with geographic redundancy. Backups are encrypted and tested regularly.
Permission Model
We believe in minimal permissions. TrueConfig only requests what it needs—nothing more.
Read-Only by Default
TrueConfig operates in monitoring mode by default. We only request read permissions to scan your Microsoft 365 configuration.
Optional Write Access
Write permissions for auto-remediation are completely optional. You explicitly grant them only if you want automated fixes.
Minimal Scopes
We request only the Microsoft Graph API permissions needed for each feature. No unnecessary access to emails, files, or personal data.
Full Transparency
Every action TrueConfig takes is logged in your audit trail. You can see exactly what was read, when, and why.
Security Architecture
Multi-tenant isolation with row-level security ensures your data is completely separated from other customers.
Compliance & Certifications
We're committed to meeting the highest security and compliance standards.
Independent audit of our security controls. Expected completion: Q3 2026.
Full GDPR compliance including data subject rights, DPA availability, and EU data residency.
Information security management system certification planned for 2026.
Trust Center
Access our security and compliance documentation.