Learn about security
While keeping your shoes on
Here’s how we keep your data protected while you get where you need to be. No fluff, just facts.
Suspicious activity? Contact us.
All TripIt customer data is stored in highly secure data centers that undergo multiple rigorous audits and authorizations on a regular basis, and also have demonstrated robust physical entry controls to ensure only authorized personnel are able to enter the facility.
No customer data is stored in any of our offices, or on any company or employee workstation.
We employ several features at the service level to keep TripIt secure and to ensure its availability. Some of these features include:
- Automatic logging of important events to closely monitor the health, performance, and availability of the service, providing a better level of service to you.
- Alerts triggered by significant log events sent to appropriate personnel who respond accordingly.
- Log data does not contain sensitive personal information and is protected from access by unauthorized personnel.
We understand that mobile devices are often lost and stolen. That’s why we built security protections into our mobile apps, including:
- Your sensitive personal information is encrypted on your mobile device.
- Access to your sensitive personal information is restricted by passcode.
We employ a structured software development life cycle (SDLC) when building and making changes and improvements to TripIt.
- All changes are analyzed to ensure that security requirements are met.
- Software development personnel conduct code reviews to ensure that changes do not introduce security risks.
- We train our software developers on the techniques for writing secure code.
We also maintain a team of dedicated software security engineers who test the TripIt application to look for security vulnerabilities before changes or improvements are released to production
Need to report suspicious activity?
To report a security finding please use our open bug bounty program here. For other security related issues, please send details to firstname.lastname@example.org using Concur’s PGP key, which you can download here.