redthrd
Sign In

Trust Center

Built on trust.
Proven by design.

Security, privacy, and compliance are foundational to everything we build. See how we protect your data and earn your trust.

View Security DocumentsContact Security Team

Security

Enterprise-grade security controls protecting your data at every layer.

Privacy

We never access content. Only aggregated, anonymized usage metrics.

Compliance

Certified and audited to meet global regulatory requirements.

Reliability

99.9% uptime SLA with redundant, geo-distributed infrastructure.

Certifications & Compliance

Independently verified.

Our security practices are regularly audited by independent third parties to ensure we meet the highest standards.

Certified

SOC 2 Type II

Annual third-party audit of security, availability, and confidentiality controls.

Compliant

GDPR

Full compliance with EU data protection regulations.

In Progress

ISO 27001

Information security management system certification.

Verified

Microsoft Verified

Verified publisher in Microsoft 365 ecosystem.

Security Practices

Defence in depth.

Multiple layers of security controls protect your data at every level.

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Azure Key Vault for key management
  • No access to message/document content

Access Control

  • Azure AD single sign-on
  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Privileged access management

Infrastructure

  • Azure-hosted in your region
  • Geo-redundant data storage
  • Automated backups
  • DDoS protection

Monitoring

  • 24/7 security monitoring
  • Automated threat detection
  • Comprehensive audit logging
  • Incident response procedures

Security Documents

Transparency by default.

Access our security documentation. Some documents require an NDA—contact us to request access.

Security Overview

Public

High-level overview of our security architecture and practices.

SOC 2 Type II Report

NDA Required

Full audit report from independent third-party assessors.

Data Processing Agreement

Public

Standard DPA for GDPR and data protection compliance.

Penetration Test Summary

NDA Required

Latest third-party penetration testing results.

Privacy First

We see patterns.
Not content.

redthrd analyses how people use Microsoft 365, not what they create. We never access, store, or process the content of your emails, documents, chats, or files.

Usage metrics only—no content access
Aggregated and anonymised insights
Data minimisation by design
Configurable retention policies

What we access vs. what we don't

We Access

  • App usage frequency
  • Feature adoption rates
  • Collaboration patterns
  • Meeting statistics

We Never Access

  • Email content
  • Document content
  • Chat messages
  • File attachments

Frequently Asked

Common security questions.

What data does redthrd access?

We access usage metrics from Microsoft Graph API—which apps are used, how often, and feature adoption patterns. We never access, store, or process the content of emails, documents, chats, or files.

Where is my data stored?

Data is stored in Azure data centres in your chosen region. EU customers' data remains exclusively in EU regions. We support data residency requirements for regulated industries.

How do you handle data retention?

Usage data is retained for the duration of your subscription plus 30 days. You can request full data deletion at any time, and we provide data export in standard formats.

Can we audit your security practices?

Yes. We provide SOC 2 Type II reports and support customer security assessments. Enterprise customers can schedule calls with our security team.

Need more information?

Our security team is available to answer questions, provide documentation, or complete your security assessment questionnaire.

Contact Security Teamsecurity@redthrd.com