SECURITY

Secure everything.

The policies, protocols, and protections we have in place were developed with one goal: to safeguard the privacy and security of your account and its data.

Data protection & encryption

Data at rest
Advanced Encryption Standard (AES) 256-bit encryption. All stored data is encrypted to the highest standard—the same as that used by all US financial institutions.
Data in motion
We use Transport Layer Security (TLS) 1.2 encryption protocol. This cryptographic protocol ensures secure delivery of data transferred over the internet. It protects that information that is being transferred, and also authenticates the website’s identity. Sites with a TLS/SSL certificate are identified as such by the https and the padlock icon in the browser’s address bar. Trust & Will holds an SSL/TLS certificate from DigiCert®.
Data stored in the cloud
We leverage Amazon Web Services (AWS) components to provide reliable fault-tolerant and highly available systems in the cloud. Read more about AWS Cloud Security.

Data ownership

Your information
We appreciate that you have entrusted us to store and safeguard your personal information. We will never share, sell, or transfer any information about you, or any data that you store using our services without your consent or as outlined in our privacy policy. Visit our Privacy Policy to learn more.
Data deletion
Your account belongs to you. If you decide that you would like to end your membership and delete your account, we ensure that all information and documents associated with your account are completely and irreversibly removed—with final removal of any security backups occurring 35 days from your initial request.

Identity management & authentication

Passwords
We prevent unauthorized activity through password limitations (including the recommendation of creating a password of 14 characters or more.) Additionally, we automatically log users out after an extended period of inactivity so that unauthorized users may not access the account.

Certifications

SOC2 and HIPAA
We have undergone Type 2 Service Organization Control 2 (SOC 2 Type II) and Health Insurance Portability and Accountability Act (HIPAA) examinations , resulting in an independent CPA’s report and certification. This confirms that we have established and continue to follow strict information security policies and procedures, and provide independent third-party verification that our operations meet or exceed defined controls for the security of your data.

Accreditation

Better Business Bureau
As a BBB-accredited entity, we have met and continue to fulfill the criteria of accreditation, including operating with integrity, transparency, and a commitment to safeguarding customer privacy. Additionally, we commit to operating in good faith to resolve any customer complaints.

Reporting

In the event of a system outage, we have processes in place to help keep all data safe and secure. We also have disaster recovery and business continuity plans in place. If you are aware of a security issue affecting Trust & Will or our members and you wish to disclose it, please review our Responsible Disclosure Policy and email us at security@trustandwill.com. Likewise, if you have any other security concern, please let us know.