Trust & Security

Privacy-First Architecture

NTrigo products are designed with privacy as a core principle. Our architecture minimizes data exposure by performing the vast majority of security processing locally within the customer environment.

We do not collect, store, or analyze customer content.

Data Processing Model

Our solutions operate in a hybrid SaaS model:

On-device / On-prem processing

  • Email content, files, images, attachments, messages, and payloads are processed locally.
  • Such data never leaves the customer environment.

Cloud API classification

  • API calls are made solely for security classification purposes.
  • Depending on the threat context, requests may include:
    • A full URL, or
    • URL characteristics only
  • All requests are processed in real time and immediately discarded.
  • No scanned links, attributes, or results are stored.

Even upon customer request, NTrigo cannot retrieve historical scanned links or malicious URLs, as this information is never retained. Customers may rely on their local logs or on real-time API responses, depending on their configuration.

Data We Do Store

NTrigo stores only minimal, non-sensitive business data required to operate the service:

  • Customer organization name
  • Subscribed packages and entitlements
  • API keys
  • Aggregated usage metrics (numeric counters only)
  • Billing and payment status records

We do not store:

  • Personal data
  • End-user identifiers
  • Content of links, emails, files, or communications
  • Financial or payment card information

Usage data is stored only in aggregated, statistical form (for example: request volumes, malicious-to-legitimate ratios, and processing distribution percentages).

Logs

Operational logs related to security events remain on customer-managed endpoints.

NTrigo does not collect or centralize customer security logs.

No sensitive or customer-originated content is logged in our systems.

Data Location

Limited service data is hosted on Google Cloud Platform (GCP).

Infrastructure is currently located in the United States.

Stored data is business-related and non-personal in nature.

Access Control & Security

Access to internal systems is strictly limited to a small, authorized team.

Strong access controls are enforced, including:

  • Role-based access control (RBAC)
  • Multi-factor authentication (2FA)
  • Encrypted credential storage

All access is logged and reviewed according to internal security procedures.

Third-Party Services

NTrigo uses a minimal number of third-party providers. Where applicable, providers are selected based on a strong security and compliance posture, including certifications such as ISO 27001, SOC 2, GDPR alignment, and PCI DSS.

NTrigo does not use third parties for payment processing or card data handling.

Incident Management

As a cybersecurity company, NTrigo maintains internal security and incident response procedures designed to detect, assess, and respond to security events.

In the event of a confirmed incident affecting customer data, NTrigo follows established notification and mitigation processes in accordance with applicable legal and contractual requirements.

Security inquiries can be reported to:

security@ntrigo.com

GDPR Statement

NTrigo is committed to privacy by design and data minimization.

  • NTrigo does not process personal data as part of its core service.
  • No end-user registration or identification is required.
  • Any data processed is limited to what is strictly necessary for security classification.
  • Where applicable, NTrigo acts as a data processor and processes data only on documented customer instructions.
  • Data is processed transiently and not retained beyond real-time analysis.
  • Appropriate technical and organizational safeguards are implemented to protect data.
  • Customers remain in control of their own logs, data retention, and security policies.

ISO 27001-like Alignment

While NTrigo is not currently ISO 27001 certified, our security program is aligned with key principles of the standard, including:

  • Risk-based security management
  • Least-privilege access control
  • Secure system design and development
  • Incident response preparedness
  • Supplier and third-party risk awareness
  • Continuous security improvement

This alignment reflects our commitment to operating at an enterprise security level without overstating formal certification status.

Contact

For security, privacy, or compliance-related questions, please contact:

security@ntrigo.com