Security at Tirion

We handle sensitive intelligence data. Security is the foundation everything else is built on.

Encryption everywhere
TLS 1.3 for all data in transit. AES-256 for all data at rest. Encrypted from ingestion to display.
Access controls
Role-based access control (RBAC). MFA available for all accounts, required for admins.
Threat detection
Continuous monitoring with AWS GuardDuty and CloudWatch. DDoS protection through Cloudflare and AWS Shield.
Audit logging
Every data access logged with who, what, when, and where. Immutable logs stored separately from application data.
Network isolation
Intelligence data sits behind a VPN — never exposed to the public internet. Private subnets for all databases.
Data separation
Customer account data and intelligence data live in separate databases with independent access controls.

Compliance & certifications

SOC 2
In progress
Working toward SOC 2 Type II certification. Systems designed to meet all five trust service criteria.
Vendor Security Alliance
In progress
Completing the VSA questionnaire. Contact us for current security documentation.
Encryption standards
Active
TLS 1.3 for all connections. AES-256 at rest. AWS KMS for key management. HSTS enforced.
HIPAA ready
Available on request
Infrastructure designed to support HIPAA compliance. BAAs available for healthcare-affiliated organizations.

Infrastructure security

Cloud infrastructure
Runs on Amazon Web Services (AWS) with SOC 1/2/3, ISO 27001, and FedRAMP certifications. HIPAA-eligible and PCI DSS compliant services.
Network architecture
Zero-trust model with defense in depth. Intelligence databases never exposed to the public internet. WAF on all public endpoints. Encrypted inter-service communication.
Incident response
Documented incident response plan. Critical incidents acknowledged within 15 minutes. Affected customers notified within 72 hours of any confirmed data breach.
Vulnerability management
Regular vulnerability scans, aggressive patch management, automated dependency monitoring. Responsible disclosure program planned.
Business continuity
Daily automated backups with point-in-time recovery. Encrypted backups in separate AWS region. RTO: 4 hours. RPO: 1 hour.

Have security questions?

We're happy to discuss our security practices, provide documentation, or complete your organization's security questionnaire.