Your code is secure with Trunk

Trusted by dev teams everywhere to code, test, and merge their software.

Compliance

We comply with global data protection and security frameworks

  • SOC 2 Type I

    Trunk is dedicated to the highest standards of security, availability, and confidentiality. This milestone assures our customers of the robustness of our security controls. For details on our security practices or to request a copy of our SOC 2 report, please contact us.

  • SOC 2 Type II

    At Trunk, we prioritize your data security and privacy by maintaining ongoing SOC 2 Type II compliance. This continuous commitment ensures we consistently uphold the highest standards of operational excellence and trust. Please contact us to request a copy of our SOC 2 report.

Infrastructure and Data Security

We're built to secure your intellectual property

  • Secure Infrastructure

    We host all of our data in physically secure, U.S.-based Amazon Web Services (AWS) facilities that include 24/7 on-site security and access monitoring.

  • Data Encryption in transit & at rest

    All data sent to or from Trunk is encrypted using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS), and all customer data is encrypted using AES-256.

  • Access Controls

    Access to customer data is limited to functions with a business requirement to do so. Access to environments that contain customer data requires a series of authentication and authorization controls, including multi-factor authentication (MFA). Trunk enforces the principles of least privilege and need-to-know for access to customer data, and access to those environments is monitored and logged for security purposes.

  • Data Redundancy and Backup

    Trunk’s infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration and the application tier scales using load balancing technology that dynamically meets demand.

Corporate Security

We hold our employees to the highest standards

  • Security Policies and Incident Response

    Trunk keeps updated security policies to address changing security needs. These policies are available to employees for training and reference on the company’s internal platform.

  • Onboarding and Offboarding Procedures

    New hires at Trunk undergo background checks and are required to complete “Legal and Security” and annual InfoSec training. When an employee leaves, we immediately disable their access to devices, apps, and company resources through Trunk's IDM and MDM tools.

  • Continuous Security Training

    The Security Team at Trunk regularly educates employees about new security threats and conducts phishing awareness campaigns.

  • Office Security

    Trunk has a program to handle visitor management, office access control, and general office security.

Application and Development Security

Build with security in mind from the ground up

  • Secure Development Lifecycle

    Code development is done through a documented SDLC process, and every change is tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass an internal security review before being deployed to production.

  • Rigorous product design and security testing

    Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors. Additionally, we consistently perform threat modeling exercises to stay ahead of potential security risks.

  • Application monitoring and protection

    All app access is logged and audited. We also use a wide variety of solutions to quickly identify and eliminate threats.

  • Third-party vendor security review

    We ensure that all of our third-party apps and providers meet our security and data protection standards before using them.

Customer Data Protection

  • Customer Control Over Data

    Explain how customers can manage their data within Trunk.io’s platform, including data export and deletion capabilities.

  • Subprocessors

    We ensure that all of our third-party apps and providers meet our security and data protection standards before using them. See trunk.io/subprocessors for an up-to-date listing.

  • Privacy by Design

    Your data is yours to own. Trunk does not sell our customers' user data.

  • Privacy Policy

    See trunk.io/privacy for our latest policy.
