Security

How Trulixo protects your data and what we do not access.

Security Overview

Trulixo is built with security and data minimization as core principles. We follow a least-privilege approach: we only access and store what is necessary to provide the service.

  • Security by design, not as an afterthought
  • Minimal data access: we store only subscription metadata
  • Clear ownership and accountability for all actions
  • Regular security reviews and updates

What Trulixo Will Never Do

  • No bank account access

    We do not connect to bank accounts, payment processors, or financial systems.

  • No payment data storage

    We do not store credit card numbers, bank account details, or payment method information.

  • No automated cancellations

    We do not cancel subscriptions automatically. All decisions require explicit human approval.

Data Handling & Scope

What We Store

Trulixo stores only subscription metadata necessary for renewal visibility and decision-making:

  • Subscription names and vendors
  • Renewal dates and amounts
  • Assigned owners and team members
  • Decision logs (renew, cancel, snooze) with timestamps
  • Account information (name, email, role)
  • Workspace and team membership data

What We Do Not Store

  • Credit card numbers or payment credentials
  • Bank account details or routing numbers
  • Transaction history or payment records
  • Banking or payment processor API keys
  • Financial account balances or statements

This minimal data approach reduces risk. Because we never hold payment credentials or financial account data, a compromise of our systems could not expose them; the subscription metadata listed above (names, vendors, renewal dates and amounts, owners and decision logs) is the full extent of what an attacker could reach.

Infrastructure & Hosting

Trulixo runs on modern cloud infrastructure with the following practices:

  • Isolated application environments with network segmentation
  • Regular security updates and patch management
  • Monitoring and alerting for suspicious activity
  • No unnecessary network access between services
  • Infrastructure as code for consistent, auditable deployments

Encrypted connections: All data transmitted between your browser and our servers uses TLS encryption. We use current TLS versions and follow best practices for certificate management.

Access Control & Authentication

Access to Trulixo is controlled through role-based permissions and team-level isolation:

  • Role-based access control with clear permission boundaries
  • Principle of least privilege—users only see what they need
  • Team-level data isolation—workspaces cannot access each other's data
  • Secure password requirements and optional two-factor authentication
  • Session management with automatic timeout for inactive sessions

Workspace administrators control who has access to their subscription data. Team members can only view and manage subscriptions within their assigned workspace.
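How workspace-level isolation and role-based permission checks of the kind listed above can be enforced in application code, as an added illustration. This is not Trulixo's code; the role names, permission strings, data model and sample users and subscriptions are assumptions made for the example. The point it shows is that every read or decision is scoped to the workspace of the row being touched, so a subscription id from another workspace cannot be reached even by a valid, logged-in user.

```python
"""Hypothetical workspace-scoped authorization for subscription metadata."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List

# Assumed role set: permissions each role grants inside one workspace.
ROLE_PERMISSIONS: Dict[str, frozenset] = {
    "viewer": frozenset({"subscription:read"}),
    "member": frozenset({"subscription:read", "subscription:decide"}),
    "admin": frozenset({"subscription:read", "subscription:decide", "member:manage"}),
}
VALID_DECISIONS = frozenset({"renew", "cancel", "snooze"})


class AuthorizationError(PermissionError):
    """Caller is not a member of the workspace or lacks the permission."""


class NotFound(LookupError):
    """Raised for unknown ids and for ids the caller may not see, so a caller
    cannot probe whether a subscription id exists in another workspace."""


@dataclass
class User:
    user_id: str
    email: str
    workspace_roles: Dict[str, str]  # workspace_id -> role; no entry = no membership


@dataclass(frozen=True)
class Subscription:
    sub_id: str
    workspace_id: str
    name: str
    vendor: str
    renewal_date: str
    renewal_amount: float
    owner_id: str


@dataclass
class DecisionLogEntry:
    sub_id: str
    workspace_id: str
    decision: str
    decided_by: str
    decided_at: datetime


def require(user: User, workspace_id: str, permission: str) -> str:
    """Deny by default: membership in this workspace and the permission are both needed."""
    role = user.workspace_roles.get(workspace_id)
    if role is None:
        raise AuthorizationError(f"{user.user_id} is not a member of {workspace_id}")
    if permission not in ROLE_PERMISSIONS.get(role, frozenset()):
        raise AuthorizationError(f"role {role!r} lacks {permission}")
    return role


def list_subscriptions(user: User, workspace_id: str, store: List[Subscription]) -> List[Subscription]:
    require(user, workspace_id, "subscription:read")
    # The workspace filter is part of the query itself, never left to the caller.
    return [s for s in store if s.workspace_id == workspace_id]


def get_subscription(user: User, sub_id: str, store: List[Subscription]) -> Subscription:
    sub = next((s for s in store if s.sub_id == sub_id), None)
    # Resolve by id, then authorize against the row's own workspace: a lookup
    # that trusted the id alone would let any member read any other tenant's row.
    if sub is None or user.workspace_roles.get(sub.workspace_id) is None:
        raise NotFound(sub_id)
    require(user, sub.workspace_id, "subscription:read")
    return sub


def record_decision(user: User, sub_id: str, decision: str,
                    store: List[Subscription], log: List[DecisionLogEntry]) -> DecisionLogEntry:
    if decision not in VALID_DECISIONS:
        raise ValueError(f"unknown decision {decision!r}")
    sub = get_subscription(user, sub_id, store)
    require(user, sub.workspace_id, "subscription:decide")
    entry = DecisionLogEntry(sub.sub_id, sub.workspace_id, decision,
                             user.user_id, datetime.now(timezone.utc))
    log.append(entry)  # the decision is recorded; nothing is cancelled automatically
    return entry


# Constructed sample data: two workspaces that must never see each other's rows.
STORE = [
    Subscription("sub-1", "ws-acme", "Design suite", "ExampleVendor A", "2026-03-01", 1200.0, "u-alice"),
    Subscription("sub-2", "ws-acme", "CI minutes", "ExampleVendor B", "2026-04-15", 300.0, "u-bob"),
    Subscription("sub-3", "ws-globex", "CRM seats", "ExampleVendor C", "2026-05-01", 5000.0, "u-carol"),
]
ALICE = User("u-alice", "alice@example.com", {"ws-acme": "admin"})
BOB = User("u-bob", "bob@example.com", {"ws-acme": "viewer"})
CAROL = User("u-carol", "carol@example.com", {"ws-globex": "member"})

if __name__ == "__main__":
    log: List[DecisionLogEntry] = []
    print([s.name for s in list_subscriptions(ALICE, "ws-acme", STORE)])
    print(record_decision(ALICE, "sub-1", "snooze", STORE, log).decision)
    for call in (lambda: list_subscriptions(ALICE, "ws-globex", STORE),
                 lambda: get_subscription(CAROL, "sub-1", STORE),
                 lambda: record_decision(BOB, "sub-2", "cancel", STORE, log)):
        try:
            call()
        except (AuthorizationError, NotFound) as exc:
            print(type(exc).__name__, exc)
```

Two design choices matter here. Lookups by id are authorized against the workspace of the row that was found, not against a workspace id the caller supplies, which is the check that stops one tenant from enumerating another's subscription ids. And a foreign-workspace id produces the same "not found" result as a nonexistent one, so the error itself does not reveal which ids exist.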

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS. This protects data from interception during transmission.

Encryption at Rest

Data stored in our databases is encrypted at rest. This protects data if the underlying storage media is lost, stolen, or physically accessed; it does not by itself protect data reached through the application, which is governed by the access controls described above.

Backups & Availability

We maintain regular backups of your data to enable recovery in case of system failures:

  • Automated daily backups of all data
  • Backups stored in geographically separate locations
  • Regular testing of backup restoration procedures
  • Point-in-time recovery capabilities where technically feasible

Availability: We aim for high availability but do not guarantee uninterrupted service. Planned maintenance is communicated in advance when possible.

Responsible Disclosure

If you discover a security vulnerability in Trulixo, we appreciate your help in keeping our service secure. Please report vulnerabilities responsibly:

  • Do not publicly disclose the vulnerability before we have addressed it
  • Provide enough detail for us to reproduce and understand the issue
  • Allow reasonable time for us to fix the issue before disclosure
  • Avoid accessing or modifying data that is not your own

Report security issues: Contact us through the support channels provided in your account. Please include "Security Vulnerability" in your message subject line.

Summary

No Financial Data Access

We never access bank accounts or payment systems

Minimal Data Storage

Only subscription metadata, no payment information

Encrypted & Isolated

Data encrypted in transit and at rest, isolated environments

Access Control

Role-based permissions and team-level isolation

Regular Backups

Automated daily backups with geographic redundancy

Transparent Practices

Clear documentation and responsible disclosure process

Questions About Security

If you have specific security requirements, compliance needs, or questions about how we handle data, please contact us through the support channels provided in your account. We are happy to discuss security practices and answer questions from security teams, IT departments, or compliance officers.

Last updated: 2/12/2026