TTN handles inbound calls, SMS, photos and customer details on behalf of trade businesses. This page describes controls that are currently implemented and avoids claiming certifications we do not hold.
Public TTN web, API and voice endpoints are served over HTTPS. Provider connections use TLS.
Authenticated application queries derive the business identity from the verified session and scope customer records to that business.
Customer identity is provided by Clerk. Privileged actions use role checks and selected administrative changes are audit logged.
Stripe, Clerk and Twilio HTTP webhooks are verified using provider signatures before their payloads are processed.
Customer upload links use random expiring tokens. Uploaded files are kept private and served through authorised application routes.
We review dependencies, infrastructure and application controls and prioritise remediation based on customer and business risk.
We are not currently SOC 2 audited or ISO/IEC 27001 certified. Certification may be considered when customer requirements justify it.
Principal providers used to deliver the service. Processing may occur outside Australia as described in our privacy notice.
We treat responsible disclosure as a partnership. Use our contact form and select the security category, including reproduction steps and impact.
Please don’t access data that isn’t yours, run automated scanners against our production systems, or publicly disclose before we’ve had a chance to fix.