Security & Compliance

At Tilt, we are committed to earning and maintaining your trust by implementing robust security measures that protect your data at all times. From industry-standard encryption to strict access controls and continuous monitoring, our security program is designed to safeguard your information against evolving threats.

Here’s how we ensure the security of your data:


Data Encryption

  • At Rest: We use AES-256 encryption to protect your data stored on our systems.
  • In Transit: All data is encrypted using TLS 1.2 or higher during transmission.

Access Controls

  • Multi-Factor Authentication (MFA): Required for all privileged accounts to strengthen security.
  • Role-Based Access Control (RBAC): Access is granted based on roles and responsibilities.
  • Least Privilege Principle: Access is limited to the minimum necessary for each role.
  • Controlled Employee Access: Access to customer data by employees is limited to a subset with clear roles in support, development, and security.

Monitoring and Logging

  • Continuous monitoring and logging of security events, including data access and privileged account activity.
  • Logs are securely retained for a minimum of 12 months for auditing and forensic purposes.

Vulnerability Management

  • Continuous cloud security posture management and regular code scanning.
  • Annual penetration testing of our applications and infrastructure.
  • Prompt remediation of vulnerabilities within defined timeframes. Exceptions require approval from senior leadership.

Incident Response

  • Robust Incident Response Plan to address security incidents.
  • If a breach involving customer data occurs, we notify affected customers within three business days and provide timely updates.

Compliance

  • SOC 2 Type II: Tilt undergoes an annual audit by an independent third-party auditor.
  • Penetration Testing: Annual testing performed by trusted external partners.

Data Backup and Recovery

  • Regular backups with tested recovery processes ensure data restoration within 24 hours.
  • Backups are stored securely across multiple locations for redundancy.

Visit the Tilt Trust Center

Explore the Tilt Trust Center for more information about our security program and compliance practices. The Trust Center provides:

  • SOC 2 Type II audit report.
  • Penetration testing attestation letter.
  • Certificate of Insurance.
  • Real-time compliance monitoring of security controls.
  • List of Tilt’s sub-processors.

Visit the Trust Center to see how Tilt prioritizes security, transparency, and trust.

Contact the Security Team

For questions about Tilt’s security program, or to report a concern or potential incident, contact our team at security@ourtilt.com.