Architecture
Device-labeled operations use browser APIs and locally loaded code. Public URL and allowlisted BYOK routes run on hosted infrastructure only for the requested transaction. Trenith’s public infrastructure uses Vercel and Google Cloud services; secrets are scoped and kept outside client source.
Controls
Controls include TLS, security headers, restricted outbound destinations, private-network blocking on public URL tools, session-first credentials, optional AES-GCM browser vault encryption, consent defaults, dependency review and least-privilege operational access.
Your role
Use a supported updated browser, protect provider keys, use restricted keys and spending limits, verify custom endpoints, keep original files and remove shared-device vaults. No encryption can protect a key after it is sent to the provider you instruct us to call.
Certifications
Do not infer a certification from this page. Trenith does not claim Trenith Tools is currently certified to ISO 27001, SOC 2, PCI DSS or a sector-specific healthcare standard.
Report a vulnerability
Send a reproducible report to legal@trenith.in. Do not access other people’s data, disrupt the service, use destructive tests or publish an unremediated issue. We will acknowledge valid reports as resources permit; there is no standing bounty promise.
