Security & Reliability

Our Commitment to Security

Protecting customer data is a core principle at Trumba. Our security program is designed to safeguard institutional data, ensure service availability, and support compliance with widely recognized industry standards. We use a layered, risk-based approach that combines strong governance, secure infrastructure, continuous monitoring, and third-party validation.

Shared responsibility: Trumba manages the security of the Trumba platform and its underlying infrastructure, while customers manage how the platform is configured and used within their organizations.

Reliability & Availability

Trumba is built to deliver dependable performance at scale, with multiple safeguards to minimize disruption.

Redundancy & High Availability
Our production environment includes full hardware and software redundancy. Intelligent load balancing automatically routes traffic to active systems to avoid service impact from equipment failures.

Scalable Infrastructure
The Trumba platform operates on a scalable server architecture designed to meet growing customer demand without service degradation.

Disaster Recovery
We maintain a geographically separate disaster recovery data center. Data is synchronized securely and regularly between primary and standby facilities to support business continuity.

24×7 Health & Performance Monitoring
Our Operations team monitors system health and performance around the clock, 365 days a year, and is prepared to respond rapidly to outages or critical performance issues.

Security Governance & Risk Management

Trumba maintains a formal security governance program to manage risk and improve controls over time.

  • Documented security policies and procedures
  • Employee onboarding and offboarding controls
  • Change management practices
  • Ongoing security awareness and training

Our security program aligns with NIST 800-122 principles and is reviewed regularly to address evolving threats and regulatory expectations.

Physical & Infrastructure Security

Physical Security

Trumba’s production systems are housed in a professionally managed, SOC 2–certified colocation facility. The facility features multi-layered physical security controls and is guarded on site 24×7×365.

Network & Hosting Security

Customer data is hosted on an enterprise-grade network infrastructure designed for high availability, intelligent routing, and resilience across major internet backbones.

Data Protection & Privacy

Encryption

  • Data is encrypted in transit using TLS 1.2 or higher.
  • Data is encrypted at rest using AES-256 encryption.

Customer Data Isolation
Customer data is logically segregated to prevent unauthorized access between tenants.

Privacy Practices
Trumba maintains a published Privacy Policy outlining how personal and institutional data is handled and protected.

Application & Vulnerability Security

Secure Development Practices
Trumba applies industry best practices throughout the software development lifecycle, including code review and testing for common web application vulnerabilities such as the OWASP Top 10.

Vulnerability Management

  • Regular internal and external vulnerability scans using third-party tools
  • Annual independent penetration testing
  • Ongoing remediation and risk reduction for identified findings

Monitoring, Incident Response & Continuity

Continuous Monitoring
Security and availability monitoring is in place 24×7 to detect anomalies and potential threats.

Incident Response
Trumba maintains a documented incident response plan with defined escalation and communication procedures.

Business Continuity & Disaster Recovery
A Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are documented and tested annually. Additional details are available under NDA.

Compliance & Third-Party Validation

Trumba supports customer compliance and due diligence through recognized frameworks and independent assessments.

  • Hosting in a SOC 2–certified data center
  • PCI DSS compliance for payment workflows
  • Annual penetration testing by an independent provider
  • Participation in customer-initiated security assessments
  • Completion of HECVAT and CSA CAIQ self-assessments

Payment Security
Trumba does not process or store credit card numbers. Payments are handled securely through third-party payment gateways, significantly reducing Trumba’s PCI scope.

Healthcare & HIPAA Support

Trumba supports healthcare and health-adjacent organizations with a dedicated HIPAA-aligned security program.

  • Updated HIPAA-compliant policies and procedures
  • Annual HIPAA risk assessments
  • Employee HIPAA training
  • Designated privacy officer
  • Logging, encryption, and password management standards

A Business Associate Agreement (BAA) is available upon request with an Enterprise license.

Accessibility

Trumba is committed to inclusive access and usability.

  • Conformance with WCAG 2.1 Level AA standards
  • VPAT documentation available upon request