When processing data on behalf of our customers, Tether acts as a data processor or service provider, following customer instructions and maintaining strict access controls. Tether safeguards data using multiple layers of security; organizational, infrastructural, and procedural. Our ongoing goal is to align with best practices and seek audit-ready standards.
Organizational Security
- Every team member signs an industry-standard confidentiality agreement on their first day.
- We enforce least-privilege access and conduct quarterly access reviews, with strong password policies and 2FA wherever applicable.
Infrastructure & Cloud Security
- Our backend runs on Heroku atop AWS for reliable, audited infrastructure. (See Heroku Security and AWS Security for details.)
- All customer-branded applications (web, iOS, and Android) run on the same secure Tether infrastructure and inherit our full security and compliance controls.
- All data is encrypted—at rest and in transit (TLS 1.2+).
- We maintain automatic backups and monitoring tools for data resilience and continuity.
Subprocessors
- We use vetted third-party subprocessors (such as AWS, Heroku, Stripe, and other essential service providers) to support core functionality.
- All subprocessors must meet or exceed Tether’s security and confidentiality standards.
- Our current subprocessor list is maintained and available upon request.
Incident Response & Availability
- We have a formal incident response plan, including escalation, mitigation, and user communication.
- Our infrastructure includes failover monitoring and alerting to detect and respond to outages swiftly.
Data Transmission & Liability
- We implement administrative, technical, and physical controls, but no system is infallible. Data transmission is at your own risk.
- We cannot be responsible for circumvention of security protocols (e.g., on compromised endpoints or weak configurations).
- Customers are responsible for the security of their own accounts, user management, and compliance obligations when adding or inviting users to their branded environments.
Compliance & Assurance
- We are committed to continuous improvement and are working toward SOC 2 compliance to demonstrate transparency and control maturity.
