Security

Effective date: July 12, 2026

An overview of the technical and organizational measures protecting data on the Tryvo platform.

Encryption

  • All traffic is encrypted in transit with TLS.
  • Databases and object storage are encrypted at rest by our infrastructure providers.
  • OAuth credentials for connected stores and email services are additionally encrypted at the application layer (AES-256-GCM) before being stored, so they are unreadable even with direct database access.

Tenant Isolation

  • Every query in the application is scoped to the requesting brand; one brand can never read another brand's campaigns, customers, or submissions.
  • Uploaded files are stored under brand-scoped keys and served only through an authorization proxy that verifies the requester's access to that brand.
  • Public submission links use unguessable, expiring tokens scoped to a single invitation.

Access & Authentication

  • Account authentication is handled by Clerk and supports multi-factor authentication.
  • Team access is role-based via organizations; access to production systems is limited to authorized personnel on a least-privilege basis.
  • Incoming webhooks (Shopify, Clerk) are verified with cryptographic signatures before processing.

Infrastructure & Data Location

  • The application runs on Vercel; the primary database (Neon Postgres) is hosted in the EU (Frankfurt).
  • Uploaded videos and images are stored with an EU-based storage provider and are uploaded through our servers rather than directly from the browser.
  • The full provider list is on the subprocessors page.

Backups & Continuity

The primary database provides continuous backups with point-in-time recovery. Background processing (scoring, rewards, emails) is built on durable, retryable job execution, so transient failures do not lose work.

Incident Response & Responsible Disclosure

We investigate security incidents immediately and notify affected customers without undue delay, in line with our DPA and applicable law. If you believe you have found a vulnerability, please email kontakt@tryvo.io with details. Do not access data that is not yours or disrupt the service while testing; we will not pursue good-faith research conducted within these bounds.

See all legal documents at tryvo.io/legal. Questions: kontakt@tryvo.io

Security — Tryvo · Tryvo