Overview
At Torq, we understand the challenges facing front-line security teams, who are often overwhelmed as the number of security events continues to rise within increasingly complex environments.
Our platform helps front-line teams and CISOs by delivering lightweight, modern security automation that is easily integrated with their existing tools set, and flexible enough to seamlessly scale as organizations’ needs change.
Welcome to Torq's Security Trust Center. Built with a security mindset from the foundation up, Torq platform and its operations comply with the industry-leading standards. Our operations are monitored continuously to ensure that all controls are enforced at all times.
Use this portal to learn about our security posture and request full access to our security documentation.
Email us at security@torq.io if you have any additional questions not answered by this Portal.
Compliance

Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Data Privacy
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades
Trust Center Updates
Torq has started engaging with WP Engine (https://wpengine.com/) as hosting for its commercial website (torq.io). Additional information can be found in the Torq Sub-processor Due Diligence paper.
Recent SOC 2 + HIPAA report is available
Recent SOC 2 + HIPAA report is available
Torq has started engaging with Eduflow (LMS). Additional information can be found in the Torq Sub-processor Due Diligence paper.
Torq is no longer using Zendesk. All offboarding steps were taken and completed.
Torq is actively evaluating the impact of recent breaches of LastPass and CircleCI on our operations and wanted to provide our customers and prospects an update on what we are doing to assess any potential impact on Torq or our customers.
LastPass
Torq does not use LastPass. We use another industry-leading password manager.
CircleCI
Torq is a CircleCI customer, and this breach could impact any CircleCI customer, including Torq.
By the time we were notified of the CircleCI breach (Jan 4th), we'd enrolled our incident response plan to measure and investigate any potential impact. This included an immediate secrets and credentials rotation, logs investigation, and a few teams efforts.
read here how we utilized our own tool for that.
After a few hours of challenging and accurate work, we closed the incident after making sure there weren't any risks left on Torq.
Torq is continuously monitoring and following closely on industry incidents.
Questions? security@torq.io
Torq is no longer using Hootsuite. All offboarding steps were taken and completed.
After reviewing our infrastructure and SBOM, torq has determined that we are not currently vulnerable to OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 which were disclosed on November 1, 2022.
If you think you may have discovered a vulnerability, please send us a note.