Built from the ground up
with secure principles

At ThreatKey, we prioritize the security and privacy of our customers above all else. We understand the critical importance of protecting your sensitive information and maintaining a secure environment. This security page outlines the comprehensive measures and controls we have implemented to safeguard your data and ensure the integrity of our platform.
ThreatKey's Auditing and Assessment

We regularly submit to inspections conducted by our independent auditor. Annually, they conduct an internal "Service Organization Control" Report ("SOC") to assess our internal systems and procedures.

Data Protection

ThreatKey employs multiple layers of protection to secure your data. We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access sensitive information. Our databases are regularly backed up to prevent data loss and enable fast recovery in the event of any unforeseen incidents.

Regular Audits and Testing

To maintain the highest level of security, we conduct regular security audits and penetration tests. These assessments help us identify vulnerabilities and weaknesses in our systems, which we promptly address to mitigate any potential risks. By staying vigilant and proactive, we continuously enhance the security of our platform.

Employee Access and Training

Our employees undergo a rigorous screening process and are bound by strict confidentiality agreements. Access to customer data is limited to authorized personnel on a need-to-know basis. We also provide comprehensive training to our employees to ensure they are well-versed in security best practices and understand the importance of protecting customer data. All ThreatKey employees undergo stringent background checks before employment. ThreatKey staff accounts are secured by two-factor authentication, which they cannot disable. Staff computers are enabled with full disk encryption and all email accounts are secured with two-factor authentication.

Incident Response

In the event of a security incident, ThreatKey has a well-defined incident response plan in place. Our dedicated security team promptly investigates any potential breaches or unauthorized activities and takes appropriate action to contain and mitigate the impact. We follow industry-standard protocols to communicate with affected customers and provide necessary support and guidance.

Account Security

As a ThreatKey user, you are in charge of your account's login and authentication. Within your company, you have the flexibility to permit any number of other users to view your information, with a detailed set of permissions. You are not required to disclose your account information to share your security dashboard- just invite others with limited access rights, which you can withdraw whenever you choose.

All account activities are tracked and logged onto a distinct logging platform.

Browser Security

ThreatKey respects the "do not track" preference in certain browsers. Users who choose "do not track" will not be subject to the analytics tracking performed by ThreatKey.

Operational Security

ThreatKey has a business continuity plan included in our SOC 2 Type 2 report.

Technical and Data Security

ThreatKey ensures bank-grade digital security, featuring 256-bit SSL encryption (A+ rated by Qualys SSL Labs). This includes OCSP stapling and HTTP strict transport security. We rely on Amazon Web Services (AWS) for our servers and data hosting. AWS is compliant with a number of certificates for their data centers, including full SSAE 16 (SOC 1, SOC 2, and SOC 3). Our servers are hosted in a virtual private cloud within US data centers. Access to our production environment is limited to select ThreatKey engineers. All direct access to our production systems is protected by public key encryption and two-factor authentication.

Code Security

ThreatKey prioritizes code security as a crucial aspect of its development process. To ensure the highest level of code security, we employ a range of robust practices and tools, including the use of static analysis.

Secure Infrastructure

Our infrastructure is built on a foundation of robust security controls. We utilize industry-leading cloud service providers and maintain a highly secure environment for our systems. Our infrastructure is designed with redundancy, scalability, and fault tolerance in mind, to ensure high availability and resilience.

Third Party Validation

We employ a vulnerability disclosure program to promote the disclosure of security vulnerabilities. We invite top security researchers ("white hats") to probe ThreatKey's platform in a sandbox environment responsibly.

ThreatKey Software Updates

We constantly strive to enhance all aspects of our software, with updates released daily. All changes are reviewed by other software engineers prior to release.

Support Options

ThreatKey prioritizes accessibility for customer support. Support is available through the ThreatKey Help Center from Monday to Friday between 5:30 am and 8:30pm Pacific Time. Enterprise support is available 24x7.

Responsible Disclosure

If you suspect a vulnerability in ThreatKey or are a security researcher in this field, we encourage you to reach out to us at security@threatkey.com. Please provide as much detail as possible, including steps to reproduce or proof. We're always eager to incorporate talented researchers into our vulnerability disclosure program.

Your Trust is Paramount

At ThreatKey, we understand that our customers place their trust in us to protect their valuable information. We are dedicated to upholding that trust by implementing rigorous security measures and continuously improving our practices. If you have any security-related questions or concerns, please don't hesitate to contact our security team at security@threatkey.com.

Demand more from your security platform


Reduction in Mean Time to Detect (MTTD)

The results and conclusions drawn from this data may not be universally applicable or representative of every individual case or scenario.


Faster scan completion when compared to leading CSPM and SSPM brands.


Supported integrations across SaaS and Cloud. Extensive integration support on every plan.
Streamline your approach to security posture management throughout your entire corporate environment.
Start Securing