Your trust is our priority. Treedis is dedicated to maintaining the trust our customers place in us by safeguarding their data. We ensure this by prioritizing the security, privacy, and availability of information within our systems.
Compliance & Certifications
We are committed to transparency and upholding the highest standards of service through enterprise-grade certifications.
ISO 27001 & GDPR: We provide all clients with a Data Processing Addendum (DPA) to prove compliance with ISO 27001 and GDPR. Our ISO 27001 certificate is available upon request.
Privacy & DPA: In addition to our terms of use and privacy policy, we offer a DPA to ensure regulatory compliance.
Infrastructure & Reliability
Our infrastructure is built within the Amazon Web Services (AWS) ecosystem, following AWS best practices to ensure top-notch security and availability.
High Availability: We target 99.9% availability. Our infrastructure automatically adapts to user demand using Amazon ECS Auto Scaling and Amazon Aurora Auto Scaling.
Global & Mirrored Hosting: Our servers are primarily hosted in the AWS us-east-1 region. For enterprise clients, we can replicate the entire infrastructure to a specific region to create a "mirrored" environment.
Disaster Recovery (DR): Critical servers are distributed across multiple availability zones. If one data center fails, another seamlessly takes over to ensure minimal service disruption.
Backups: All databases are backed up daily at 3 AM UTC+0, with snapshots retained for 30 days.
Data Protection & Encryption
We employ rigorous encryption standards to protect data both in transit and at rest.
Encryption Standards: Treedis uses the TLS 1.3 protocol for data in transit. Data at rest within our AWS RDS relational databases is encrypted with AES-256.
Key Management: Encryption keys are managed using AWS KMS, stored separately, and accessible only to administrators with specific AWS IAM permissions.
Sensitive Data: We do not process sensitive personal data such as credit card details, which are processed via Stripe. Passwords are hashed using the SHA-256 algorithm.
Data Leak Prevention: We utilize AWS Macie, a machine learning solution, to identify patterns that might indicate data leaks.
Endpoint & Network Security
We deploy a multi-layered defense strategy powered by SentinelOne and AWS tools to protect our infrastructure.
Endpoint Detection and Response (EDR): All workstations and servers are protected by SentinelOne, providing real-time autonomous protection against malware and exploits.
Cloud Workload Protection (CWPP): We secure our AWS containerized workloads to ensure applications are protected from development through runtime.
Network Firewall (WAF): Treedis utilizes AWS WAF with complex rules including user agent detection, IP blacklisting, and regional blacklisting.
DDoS Mitigation: We implement strict rate limiting to protect against Distributed Denial of Service (DDoS) attacks and volumetric abuse.
Bot Protection: We utilize Google’s reCAPTCHA v3 to distinguish between human users and automated bots without adding friction to the user experience.
Identity & Access Management (IAM)
We support advanced authentication protocols to ensure only authorized users access your data.
Single Sign-On (SSO): Treedis supports any SAML 2.0 SSO provider, allowing enterprise clients to log in using their preferred solution (e.g., Microsoft Entra).
MFA & Access Control: Internal AWS IAM accounts are protected with Multi-Factor Authentication (MFA).
VPN & Private Access: Treedis fully supports AWS Site-to-Site VPN, allowing enterprise clients to communicate with our servers directly and securely.
Private Keys: Server access via SSH requires a private key (PEM file), accessible only to the CTO, COO, and DevOps Tech Lead.
Spatial Data & Private Model Embed (PME)
Treedis offers specialized security for spatial digital twins, working in tandem with Matterport.
Web Spatial Data: "Digital twin" data for the web is hosted and managed by Matterport.
Augmented Reality (AR) Data: Spatial data for AR (Matterpak or E57) is hosted on both Matterport and Treedis servers to enable image recognition capabilities.
Private Model Embed (PME): Treedis offers a PME solution that allows users to set Matterport spaces to "private" (inaccessible publicly) while viewing them through a secure Treedis token. These tokens are short-lived (seconds or minutes) for maximum security.
OAuth Integration: Treedis connects to Matterport via a secure, time-limited OAuth connection and does not store credentials beyond the refresh token.
Application Security & Development
Secure Development: We utilize Snyk to automatically detect security anomalies in our code.
QA Process: We employ a rigorous QA process involving five different environments before code reaches production.
Penetration Testing: Treedis welcomes clients to perform penetration tests on our servers and provides full transparency regarding relevant endpoints.
Sub-processors
Treedis partners with industry-leading vendors to deliver our services.
Primary Cloud Provider: Amazon Web Services (AWS).
Spatial Data Partner: Matterport.
Payment Processing: Stripe.
Security Partners: SentinelOne (EDR/XDR), Google (reCAPTCHA).