A security first architecture
Tern's world-class engineering team has experience working in highly sensitive data environments. From the first line of code written we've had protecting user's information in mind.
The Tern software runs on industry leading infrastructure. The physical data centers used to power Tern has been certified under various compliance standards including:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
Additionally our infrastructure provider provides DDoS mitigation, firewall based access restrictions, and spoofing and sniffing protections. Port scanning is prohibited and closely monitored by our infrastructure provider.
Your data is encrypted
Encryption protects your data from those who shouldn't have access to it. Tern uses industry leading data encryption technologies to ensure your data is safe within Tern.
In transit: Using TLS1.2 or Higher
At test on our servers: Using AES 256 or above
Application level for sensitive fields: Using AES encryption
This means that all data you share with Tern is protected using industry leading encryption.
An extra layer of protection for sensitive information
Extra sensitive information such as passport details/photos go through an additional layer of encryption in our databases and only decrypted on page load. This means in the extraordinarily unlikely event of a breach of our core databases this information would be illegible to attackers.
Currently sensitive data is limited to passport information but will expand with additional datatypes.
Security best practices
Systems are only as good as their weakest link. We encourage all users to implement good security hygiene. This means using strong passwords. Soon, Tern will require the use strong passwords by advisors. In the future, Tern will require advisors to setup two-factor authentication before storing financial data.