We continually improve our compliance practices to meet or exceed industry standards and audits.


Trustworthy is AICPA SOC2 Type One certified with an independent CPA’s report and certification. A SOC 2 Type One report assures you that Trustworthy has established and continues to follow strict information security policies and procedures, and provides independent, third-party verification that Trustworthy operations meet or exceed defined levels of processes and controls for the security of customer data. Trustworthy undergoes annual independent audits to verify continued execution of secure operations.


Trustworthy complies with the General Data Protection Regulation (GDPR), a regulation mandated in the EU to protect individuals' rights regarding the collection and use of their personal data. While GDPR is only required in the European Union, we provide GDPR protections for all our customers. The GDPR outlines seven key principles, all of which Trustworthy has complied with:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality (security)

  • Accountability


Trustworthy is compliant under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This means we manage the privacy and security of your information in accordance with the extremely formal and rigorous requirements of HIPAA, a compliance framework designed to protect sensitive personal and health information, especially any information held electronically. Not only do we hold ourselves to this high standard, we ensure that any third parties through which your information is transmitted are liable for protecting the privacy and security of your information to the same extent as Trustworthy.

PCI DSS Level 4

Trustworthy has been certified as Payment Card Industry Data Security Standard (PCI DSS) Level 4 compliant. This means we have completed a Self-Assessment Questionnaire (SAQ) and had an Approved Scanning Vendor (ASV) conduct quarterly network scans.

McAfee TrustedSite Certified Secure

Trustworthy is certified as a McAfee TrustedSite. This means that our online presence has passed McAfee’s rigorous tests for malware, viruses, and phishing and is regularly monitored by McAfee for security issues.

Norton Secured by Verisign

We are a Norton-approved secure site. This means that Trustworthy is using a Verisign SSL (Secure Sockets Layer) certificate to keep your connection to Trustworthy secure at all times. It also means that Trustworthy sites receive a vulnerability scan on a daily basis. If Norton reports an issue, the seal no longer displays.

BBB Accredited

Trustworthy is a Better Business Bureau (BBB) accredited business. This means that Trustworthy meets the BBB’s accreditation standards, including a commitment to make a good faith effort to resolve any consumer complaints.

Vulnerability Management

We perform regular application and infrastructure security vulnerability and penetration testing. Trustworthy uses internal security staff and third-party security researchers/specialists to proactively identify vulnerabilities and complete remediation in a timely manner. To responsibly disclose or report a security vulnerability to Trustworthy, please contact security@trustworthy.com.
