Security & Transparency

Our approach to security is documented, verifiable, and transparent.

MITRE ATT&CK Mobile coverage

Our features rely on multiple security checks mapped to the MITRE ATT&CK Mobile framework. Each detection is associated with a publicly verifiable MITRE identifier.

Threat model

Trasimene targets documented threats from the MITRE ATT&CK Mobile framework: phishing and quishing, malicious applications, network interception (MITM), data leaks and spyware. The exact scope of detections depends on the capabilities offered by each platform (Android, iOS): we document what the application can — and cannot — detect, without promising 100% protection.

Standards compliance

OWASP Mobile Top 10, OWASP MASTG, NIST SP 800-63B, GDPR, ISO 25010. Our code is regularly audited.

Encryption

AES-256-GCM for the vault, TLS 1.3 for communications, WireGuard for the VPN. Encryption keys are stored in Google Cloud Secret Manager.

Key and secret management

Encryption keys and infrastructure secrets are stored in Google Cloud Secret Manager, region europe-west1 (EU), with IAM-restricted, logged access. Vault content is encrypted with AES-256-GCM; no card data is stored by us.

Data residency

Our infrastructure (website, API, data) is hosted on Google Cloud, region europe-west1 (EU). No data is sold. Sub-processors and any transfers outside the EU, governed by standard contractual clauses, are detailed in our privacy policy.

Privacy

Trasimene only collects data strictly necessary for the service. No data is sold. No third-party trackers in the app.

Responsible disclosure

Found a vulnerability? Write to us at contact@trasimene.com — our policy is published in our security.txt file (/.well-known/security.txt). We acknowledge receipt, prioritise fixes and do not take legal action against researchers acting in good faith.