Trust and Security

We understand that the data we collect can be extremely sensitive. These are some of the things we do to protect you and your data.

Encryption

All data is encrypted at rest using AES256 and in transit using SSL/TLS.

Passwordless-by-default

Compromised credentials are the #1 attack vector in the industry. By default, Passthrough will not ask you to create yet-another password. Instead, we authenticate you through your email with a short-lived expiring sign-in link.

2-Factor Authentication

Passthrough supports 2-factor authentication. Learn how to enable it on your account.

Built on Google Cloud

Passthrough uses Google Cloud for our backend infrastructure. Google Cloud is a market leader in security and are compliant with all of the relevant data industry standards, including ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and AICPA SOC.

Multiple layers of isolation

Passthrough is built from the ground up with a secure-by-design architecture. All of our services are containerized and executed by Google fully-managed serverless architecture using multiple layers of isolation. This means we do not maintain servers or even virtual machines for attackers to target.

Robust internal controls

Our team follows robust internal controls which we've arrived at in collaboration with our compliance partners. Additional documentation is available upon request.