Security
Access Controls
Separate access controls are enforced at each layer of the Tango infrastructure. Customer data is accessible only to employees whose job functions require it. All application and user access logs are stored centrally and monitored.
External Audits
Tango regularly undergoes both internal and external tests, and third-party code reviews. Reviews include Keyhole Assessments, SQA Application Assessments, Automated Web Application Scanning, Network Infrastructure Assessments, External Automated Vulnerability Scanning, and Internal Automated Vulnerability Scanning.
Traffic Controls
The Tango API and website only allow client requests using TLS protocols. Communication between Tango infrastructure and financial institutions is transmitted over encrypted tunnels.
Secure Data Storage
Tremendous does not touch or store sensitive credit card data. Our third-party credit card vault has undergone PCI level 1 certification. All bank data is encrypted using the Advanced Encryption Standard (AES-128-CBC).