Security and Compliance at TrebleHook
TrebleHook is a CRM platform purpose-built for architecture, engineering, and construction (AEC) firms. Powered by Salesforce, we offer enterprise-grade security, data protection, and compliance capabilities to meet the needs of large, data-sensitive organizations.

Is TrebleHook Secure?
Yes. TrebleHook runs on the Salesforce Platform, which is trusted by global enterprises across regulated industries. By leveraging Salesforce infrastructure, TrebleHook inherits robust security features, including:
- End-to-end encryption (in transit and at rest)
- Multi-factor authentication (MFA)
- Role-based access controls
- Regular penetration testing and vulnerability scans

What Compliance Standards Does TrebleHook Meet?
Because TrebleHook is built on Salesforce, it benefits from Salesforce’s extensive compliance certifications, including:
- SOC 1: Type II report covering internal controls over financial reporting systems
- SOC 2: Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy
- SOC 3: Public report of Security, Availability, Integrity, Confidentiality, and Privacy controls
- ISO 27001: Compliance with specific information security and risk management requirements
- ISO 27017: Adherence to ISO/IEC 27002 Code of Practice controls for cloud services
- ISO 27018: Adherence to Code of Practice controls for protection of personal information
- GDPR: How TrebleHook, through Salesforce, helps our customers on their GDPR compliance journeys
How TrebleHook Protects Your Data
TrebleHook follows industry best practices to ensure the confidentiality, integrity, and availability of your data:
- Data is encrypted using AES-256 standards.
- Access is restricted using the principle of least privilege.
- We log and audit key system activities.
- Regular data backups ensure recoverability.
- Our teams follow secure development lifecycle practices.
How We Support Procurement Reviews
We understand that large AEC firms often have rigorous security requirements. TrebleHook provides:
- Access to Salesforce’s downloadable compliance certificates
- Assistance in completing vendor risk assessments
For enterprise accounts, we also support one-on-one security reviews with our implementation and platform team.
Frequently Asked Questions
Is TrebleHook SOC 2 compliant?
Yes. TrebleHook leverages Salesforce, which is SOC 2 certified. Relevant certificates can be downloaded from Salesforce’s compliance site.
Where is my data stored?
TrebleHook data is hosted on Salesforce servers, with global data centers that support region-specific storage as required.
Can TrebleHook help us meet GDPR or CCPA requirements?
Yes. TrebleHook supports data export, deletion, and access logging in alignment with privacy regulations.