How we protect your firm's data.
If you need more detail for a vendor review or a BAA, talk to us.
Compliance
HIPAA
Trellys is HIPAA compliant. Business Associate Agreements are signed with firms handling patient information.
Security
Data storage
Application data is segregated by firm at the record level. Access is enforced per firm at the application layer. Reporting data is stored in a separate database per firm.
Document storage
Documents are stored separately from application data and keyed per firm. Dedicated storage is available per firm.
Encryption
Data is encrypted in transit with TLS and at rest in every store. Integration credentials are encrypted again at the application layer before storage.
Backups
Databases are backed up daily.
Infrastructure
Trellys runs on SOC 2 audited cloud infrastructure.
Incident response
Production incidents are handled by the Trellys engineering team. Phone: +1 (817) 508-2702. Member firms have a dedicated escalation line.
Privacy
AI handling
No AI model is trained on customer data. Content sent to the AI provider is not retained. Firms can use their own API keys.
Data deletion
Customer data is deleted on request when a firm leaves. Deletion covers the database records, the reporting database, and stored documents.
Insurance
Coverage
Trellys carries professional liability, cyber, and general liability insurance. A certificate of insurance is available on request.