We understand that the data we collect can be extremely sensitive. These are some of the things we do to protect you and your data.
All data is encrypted at rest using AES256 and in transit using SSL/TLS.
Compromised credentials are the #1 attack vector in the industry. By default, Passthrough will not ask you to create yet-another password. Instead, we authenticate you through your email with a short-lived expiring sign-in link.
Passthrough is built from the ground up with a secure-by-design architecture. All of our services are containerized and executed by Google fully-managed serverless architecture using multiple layers of isolation. This means we do not maintain servers or even virtual machines for attackers to target.
Robust internal controls
Our team follows robust internal controls which we've arrived at in collaboration with our compliance partners. Additional documentation is available upon request.