Security & Transparency
Our approach to security is documented, verifiable, and transparent.
MITRE ATT&CK Mobile coverage
Our features rely on multiple security checks mapped to the MITRE ATT&CK Mobile framework. Each detection is associated with a publicly verifiable MITRE identifier.
Threat model
Trasimene targets documented threats from the MITRE ATT&CK Mobile framework: phishing and quishing, malicious applications, network interception (MITM), data leaks and spyware. The exact scope of detections depends on the capabilities offered by each platform (Android, iOS): we document what the application can — and cannot — detect, without promising 100% protection.
Standards compliance
OWASP Mobile Top 10, OWASP MASTG, NIST SP 800-63B, GDPR, ISO 25010. Our code is regularly audited.
Encryption
AES-256-GCM for the vault, TLS 1.3 for communications, WireGuard for the VPN. Encryption keys are stored in Google Cloud Secret Manager.
Key and secret management
Encryption keys and infrastructure secrets are stored in Google Cloud Secret Manager, region europe-west1 (EU), with IAM-restricted, logged access. Vault content is encrypted with AES-256-GCM; no card data is stored by us.
Data residency
Our infrastructure (website, API, data) is hosted on Google Cloud, region europe-west1 (EU). No data is sold. Sub-processors and any transfers outside the EU, governed by standard contractual clauses, are detailed in our privacy policy.
Privacy
Trasimene collects only the data strictly necessary for the service. No data is sold. The app contains no third-party trackers.
Responsible disclosure
Found a vulnerability? Write to us at contact@trasimene.com — our policy is published in our security.txt file (/.well-known/security.txt). We acknowledge receipt, prioritise fixes and do not take legal action against researchers acting in good faith.