Data Security

At Tribo, we dedicate a considerable share of efforts to ensure the complete security of customer data and the privacy of our users, all the while attempting to build a considerably large codebase with the restrained resources of a startup. We regularly discuss and address the subject and intend to provide our customers with world-class security and privacy standards.

Tribo started as a lightweight event satellite app that allowed users to share impressions and easily access event info. Data privacy was one of our key differentiators from public platforms: Tribo never gathered data for commercial purposes; on the contrary, it always belonged to the event organizers. As we advanced, our audience expanded into the corporate world. Today, we host environments for large customers like Google (Bangkit education program), Berney Associes, Feminine Pluriel, StoneWeg. We also continue legacy partnerships with European events like Zurich Film Festival, Verbier Festival, Leopolis Jazz. We understand that our corporate customers are concerned about their data safety, and we work hard on achieving and keeping the enterprise-grade security and privacy of our systems.

Here is what we do currently:

Identity management

We ensure that only the right people and approved devices can access your company information. All corporate Tribos are private Tribos, where only invited users can access the data. For the integrated customers, whom we integrate on the system level, only the designated employees of the company, properly authorized by the company root network authority (e.g., Active Directory), would be able to access the data.

Data protection

By default, Tribo SSL-encrypts data in transit for all of our customers. Our servers and customer data are in the Amazon secured environment and legally inherit all subsequent security standards. They are continually audited by worldwide-recognized authorities, having a dozen compliance certifications including but not limited to the following:

  • SOC 1/ISAE 3402, SOC 2, SOC 3

  • FISMA, DIACAP, and FedRAMP

  • PCI DSS Level 1

  • GDPR

  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

Data retention

Notably, for corporate customers, we offer a lifetime data retention service. We never delete customer data and keep it for future reference.

Information governance

Tribo offers governance and risk-management capabilities flexible enough to meet your organization’s needs, no matter the size of your organization and the line of business.

Regular code review

Our partner company EXP1, LLC (exp1.net), provides security assessment services and participates in regular code review of Tribo.

Use of the VPN

We recommend that all our corporate customers use VPN apps (such as Express VPN) to protect physical IP addresses and ensure additional protection of their sensitive data.

Future improvements

As we continue to improve our services, we are also working on several projects related to security and privacy and plan to get Tribo certified on the end-to-end level.