SECURITY

Security is foundational to every decision we make.

We take security seriously. Every decision in creating Trustworthy begins with the safety and privacy of your data in mind.

Overview

Trustworthy is designed to protect you from breaches and other threats. Our team works diligently to keep your information safe at all times and we work with other security experts and auditors to make sure our code and business practices meet or exceed industry standards.

Above all we firmly believe that you are the sole owner and arbiter of your information. We won’t share it or sell it without your permission.

User Authentication

Identity verification
Trustworthy requires you to create and validate your identity before creating your account and adding any information. We ask for an email username, a strong password, and two-factor authentication to validate that you are who you say you are. 

From the beginning of your Trustworthy experience, you are the arbiter of your account and information. Know that only you — and the trusted people you invite to your account — have access to your information. 

Password
We require a highly secure password formula for all users. That entails a minimum of 8 characters with numbers, symbols, and upper- and lower-case characters. We recommend creating a password of 14 characters or more.

Increasing the number of characters and interspersing numbers and symbols dramatically enhances security. A more complex and lengthy password makes it cryptic enough that it would take an attacker decades to crack.

Two-factor Authentication 
Trustworthy requires two-factor authentication as a default — not an option — to verify your identity and allow you to log in to your account.

Our platform supports multiple different factors, including:

  • SMS

  • Voice verification

  • Authenticator apps

  • Hardware security keys

For Trustworthy members, multi-factor authentication is non-negotiable. You can choose to add further layers of security depending on your personal security preferences.

Two-factor authentication is an extra layer of security for Trustworthy accounts. This design ensures that you’re the only one who can access your account, even if someone else knows your password.

Recent research suggests that your account is 99.9% less likely to be compromised if you use two-factor authentication. In fact, many technology companies are moving towards two-factor authentication as the default.

Hardware Keys
Trustworthy provides hardware security keys (also known as security tokens) that allow you to add a second authentication factor to online services.

To use a hardware security key, you must be physically present to authenticate and log in to your account. Hardware security keys are one of the best ways to avoid phishing and account takeovers. 

Please email concierge@trustworthy.com to request a Trustworthy hardware security key.

Biometric Authentication
Trustworthy uses biometric (facial or fingerprint) authentication on our iOS mobile app. 

Biometric authentication allows for a convenient and fast user experience, while also providing a high level of security that's difficult to fake or steal. Because biometrics can only be provided by living, breathing people, it's also harder for robots to impersonate or breach.

Data Protection

Encryption
Your Trustworthy data is encrypted to keep it safe, both at rest and in transit. Our security formula starts with Advanced Encryption Standard (AES) 256-bit encryption. We also use multiple techniques to make sure only you have access to your information.

Trustworthy encrypts all customers’ sensitive data to prevent unauthorized access, ensuring that your data stays secure. 

Redaction
Our user interface redacts or hides sensitive information by default. To see the redacted information, you can choose to show it.

Redaction prevents wandering eyes from seeing sensitive information on your screen.

Aliasing
Trustworthy uses an industry-leading security technique called “aliasing” to protect your information. Aliasing removes sensitive data from Trustworthy servers and replaces it with a corresponding alias. This keeps the sensitive information protected and separate from your account. 

The alias (token) has no exploitable meaning and can only be “de-tokenized” with the original tokenization platform. For example, if a cybercriminal gained unauthorized access to our database containing tokenized sensitive data, the alias would be useless to the attacker and neutralize the threat.

Logging
Trustworthy creates comprehensive audit logs of the events (by individual users) within each member account. This allows you to account for every change that has occurred within your account (and who made that change).

Having a complete record of events in your account provides transparency around all account changes.

Security Policies
Our security policies, controls, and standards cover a wide range of areas, including:

  • Information security

  • Incident response

  • Access control

  • Physical security

  • Network security

  • Vulnerability management

  • Software/systems development life cycle

  • Secure development

  • Change management

  • Vendor management

  • Disaster recovery

  • Business continuity

These policies ensure that your and your family’s information is kept safe every step of the way.

Compliance & Certifications

We continually improve our compliance practices to meet or exceed industry standards and audits.

SOC2
Trustworthy is AICPA SOC2 type one certified and has undergone a SOC2 type one examination, resulting in an independent CPA’s report and certification. A SOC 2 type one report assures you that Trustworthy has established and continues to follow strict information security policies and procedures, and provides independent, third-party verification that Trustworthy operations meet or exceed defined levels of processes and controls for the security of customer data.

HIPAA
Trustworthy is compliant under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This means we manage the privacy and security of your information in accordance with the extremely formal and rigorous requirements of HIPAA, a compliance framework designed to protect sensitive personal and health information, especially any information held electronically. Not only do we hold ourselves to this high standard, we ensure that any third parties through which your information is transmitted are liable for protecting the privacy and security of your information to the same extent as Trustworthy.

PCI DSS Level 4
Trustworthy has been certified as Payment Card Industry Data Security Standard (PCI DSS) Level 4 compliant. This means we have completed a Self-Assessment Questionnaire (SAQ) and had an Approved Scanning Vendor (ASV) conduct quarterly network scans.

McAfee TrustedSite Certified Secure
Trustworthy is certified as a McAfee TrustedSite. This means that our online presence has passed McAfee’s rigorous tests for malware, viruses, and phishing and is regularly monitored by McAfee for security issues.

Norton Secured by Verisign
We are a Norton approved secure site. This means that Trustworthy is using a Verisign SSL (Secure Sockets Layer) certificate to keep your connection to Trustworthy secure at all times. It also means that Trustworthy sites are receiving a vulnerability scan on a daily basis. If Norton reports an issue, the seal no longer displays.

BBB Accredited
Trustworthy is a Better Business Bureau (BBB) accredited business. This means that Trustworthy meets the BBB’s accreditation standards, including a commitment to make a good faith effort to resolve any consumer complaints.

Vulnerability Management
We perform regular application and infrastructure security vulnerability and penetration testing. Trustworthy uses internal security staff and third-party security researchers/specialists to proactively identify vulnerabilities and complete remediation in a timely manner. To responsibly disclose or report a security vulnerability to Trustworthy, please contact security@trustworthy.com.

Security Partners

Trustworthy works with a variety of security providers to enhance our own security architecture. We only work with providers who have the best security in every respect. As part of our security certifications, these partners have been vetted for their own compliance with the highest levels of security and privacy for the customers they serve.

Member data may be stored in the Trustworthy private virtual cloud (such as Amazon Web Services), which we built to run business operations. These partners don’t have the keys to decrypt member data stored on their servers.

Business

Business model
Trustworthy revenue comes from subscribers — not advertisers. We believe that when you don’t pay for the product, you are the product. The Trustworthy business is underpinned by three core tenets: Private, Protected, & Yours.

  • Private - We will never share or sell your family information. 

  • Protected - Your family information is protected at all times by leading-edge security measures including 256-bit encryption, biometrics, and hardware security keys.

  • Yours - You are the arbiter of your data and can elect to remove it from our service at any time.

Employee Security
All Trustworthy employees undergo rigorous background and security checks before being hired. 

The Trustworthy IT Security Team manages employee company applications and devices. This allows us to remove access to business applications and remotely freeze or wipe devices as needed.

Questions or Concerns?

If you have any questions or concerns, please get in touch with us at: security@trustworthy.com

If you're a security researcher and you believe you've uncovered a security issue in our products, please email us at vulnerability-report@trustworthy.com with the necessary information to reproduce the issue.

Security is built into everything Trustworthy does. This isn’t a platitude. It’s a foundational part of our team culture.
