Traxiq

Security at Traxiq

Trust is central to how teams use Traxiq. This page summarizes our security practices at a high level. For contractual commitments, refer to your order form, data processing agreement, and security exhibits.

Last reviewed: April 18, 2026

Encryption in transit and at rest

Industry-standard TLS for data in transit. Sensitive data at rest is encrypted using managed keys and provider-backed key management where applicable.

Identity and access

Role-based access for internal systems, least-privilege defaults, MFA for administrative access, and centralized logging of privileged actions.

Infrastructure

Hosted on major cloud providers with hardened baselines, network segmentation, and continuous patching aligned with vendor recommendations.

Product security

We design features with secure defaults: scoped OAuth permissions for source control integrations, short-lived tokens where possible, and separation between customer tenants. Enterprise deployments can support additional controls such as VPC isolation and customer-managed keys—see your agreement for availability.

Operational security

Monitoring and incident response

We monitor infrastructure and application signals for anomalies. Security incidents are triaged under a documented process that includes containment, eradication, recovery, and customer notification where required by law or contract.

Vendors

We assess subprocessors for security and privacy practices appropriate to the services they provide. A current list is available to customers under NDA upon request.

Compliance posture

We align controls with common frameworks and customer diligence questionnaires. Specific certifications and audit reports are shared with customers as part of procurement—not all attestations are published publicly.

  • Written policies for access, change management, and business continuity
  • Annual risk assessments and targeted penetration testing
  • Employee security training and background checks where appropriate

Vulnerability disclosure

If you believe you have found a security vulnerability in Traxiq, please email security@traxiq.com with a description, steps to reproduce, and any supporting material. We ask that you give us a reasonable time to remediate before public disclosure. We do not run a public bug bounty program at this time but we appreciate good-faith reports.

Your responsibilities

Security is shared. You should:

  • Protect account credentials and enable SSO/MFA where available;
  • Rotate API keys and integration tokens when team members leave;
  • Review OAuth scopes granted to Traxiq in your Git provider; and
  • Report suspected unauthorized access to support immediately.

Privacy

For how we handle personal data, see our Privacy Policy.