TrendTech

Security

Security at TrendTech

TrendTech's trust centre is at trust-centre.html and covers our security posture in detail. We hold SOC 2 Type II and ISO 27001:2022 certifications and operate exclusively in EU jurisdictions for customer-data scope.

Certifications and frameworks

  • SOC 2 Type II (current, last completed Q1 2026)
  • ISO 27001:2022 (certified, BSI)
  • GDPR-aligned data processing posture
  • EU-only hosting for customer data (AWS Frankfurt primary, Dublin secondary)
  • Annual third-party penetration test (last: Q4 2025)

Data protection

All customer data is processed and stored within the European Union. AWS Frankfurt is the primary region; AWS Dublin is the backup region. No customer data is transferred outside the EU. Our subprocessor list is documented in the trust centre and updated with 30 days' notice before changes.

Vulnerability disclosure

We welcome reports of security issues affecting our systems. To report a vulnerability, see our security.txt file or write to security@trendtechsoft.com. We commit to acknowledging reports within two working days and to a coordinated disclosure timeline of up to 90 days, extendable by agreement.

Penetration testing

Our infrastructure is independently tested annually by a CREST-accredited assessor. The latest assessment was completed in Q4 2025 (assessor: Big-Four-tier consultancy); an executive summary is available to prospective clients on request under NDA.

Subprocessors

A current list of our subprocessors is available on request to clients under NDA. Updates to the list are notified by email with 30 days' notice.