---
title: Security
description: "Secure your infrastructure with Termius: encrypted vaults, centralized access control, and SOC 2 Type II certified protection."
published: "Jun 15, 2026, 1:09 AM UTC"
---

Product

[Security](./security)

[Pricing](./pricing)

[Enterprise](./enterprise)

[Log in](https://account.termius.com/login)

[Sign up](https://account.termius.com/signup)

# Enterprise-grade security

Termius is designed like a password manager to protect your data privacy. Only you can access your information in the encrypted vaults and hold the key to decrypt it.

End-to-end encryption

Critical data is securely stored in an encrypted vault and protected with end-to-end encryption using a client-side key derived from your password. Your data is protected both in transit and at rest, ensuring only you have access.

Direct Connections

Termius is not a proxy, so you can always access your servers, whether you're online or offline. We use the offline-first approach so that you can manage your infrastructure anytime, anywhere.

SOC 2 Compliance

Certified SOC 2 compliance, ensuring that your data is handled with the highest level of security and privacy. This certification ensures rigorous processes for data security, availability, and confidentiality.

### Take an in-depth look into our security

Request our internal policies, SOC 2, or pentest reports.

[Evaluate Termius security](https://security.termius.com/)

### We ensure the availability of our systems

90 days ago

99\.99% uptime

Today

According to our [status page](https://status.termius.com/?_gl=1*17n4fzd*_gcl_au*OTA5ODUyNTU3LjE3MzQ5OTE0NjU.*_ga*MTY3MTE3OTMzOC4xNzMzODgxMzc1*_ga_ZPQLW2Q816*MTczNjM5MzE0My41MS4xLjE3MzYzOTQ4NjIuNjAuMC4w).

### Data security and privacy

[Account protection](./security#system-uptime)

[Data encryption](./security#data-encryption)

[Data retention and removal](./security#data-retention-and-removal)

[Payment information](./security#system-uptime)

Account protection

##### **2-factor authentication**

We provide a 2-factor authentication mechanism to protect our users from account takeover attacks.

##### **Account takeover protection**

We protect our users against data breaches by monitoring and blocking brute-force attacks.

Data encryption

##### Encryption in transit

All data sent to or from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS 1.2). You can view our SSLLabs report here for [**termius.com**](https://www.ssllabs.com/ssltest/analyze.html?d=termius.com&latest), [**api.termius.com**](https://www.ssllabs.com/ssltest/analyze.html?d=api.termius.com&latest), and [**account.termius.com**](https://www.ssllabs.com/ssltest/analyze.html?d=account.termius.com&latest).

##### Encryption at rest

All of our users' data (including passwords) is encrypted in the database using battle-tested encryption algorithms. In addition, our users' synchronized data is encrypted using [**end-to-end encryption**](https://docs.termius.com/termius-handbook/synchronization/synchronization-security-overview).

Data retention and removal

We offer customers the option to delete their data at the end of their subscription. All data is then completely removed from the dashboard and server. Users can request the removal of usage data through [**the account page**](https://account.termius.com/misc) or by contacting support.\
\
Read more about our privacy policy at [**https://termius.com/privacy-policy**](https://termius.com/privacy-policy).

Payment information

All payment processing is securely outsourced to Stripe, a PCI Level 1 certified service provider. We do not collect any payment information and are therefore not subject to PCI obligations.

### App and database security

[System uptime](./security#system-uptime)

[App security monitoring](./security#app-security-monitoring)

[App security protection](./security#app-security-protection)

[Infrastructure](./security#infrastructure)

[Network-level security](./security#network-level-security)

[DDoS protection](./security#ddos-protection)

System uptime

Our systems have 99.99% uptime according to our [**status page**](https://status.termius.com/).

App security monitoring

We collect and store logs to provide an audit trail of our application activity.

We use technology to monitor exceptions and logs and to detect application anomalies.

We use a security monitoring solution to monitor our application security, detect attacks, and respond quickly to a data breach.

App security protection

We use security headers to protect our users from attacks. You can check our grade on this security scanner for [**termius.com**](https://observatory.mozilla.org/analyze/termius.com), [**api.termius.com**](https://observatory.mozilla.org/analyze/api.termius.com), and [**account.termius.com**](https://observatory.mozilla.org/analyze/account.termius.com).

We use security automation capabilities that automatically detect and respond to threats targeting our apps.

Infrastructure

All of our services run in the cloud. We don't host or operate our routers, load balancers, DNS servers, or physical servers. Our service is based on Amazon Web Services. They provide strong security measures to protect our infrastructure and comply with most certifications. You can read more about their practices [**here**](https://aws.amazon.com/security/).

Network-level security

Our network security architecture consists of multiple security zones. We monitor and protect our network to ensure that unauthorized access does not occur using:
- A virtual private cloud (VPC), a bastion host, or VPN with network access control lists (ACLs) and no public IP addresses.\
\
- A firewall that monitors and controls inbound and outbound network traffic.\
\
- IP address filtering.

DDoS protection

We use Distributed Denial of Service (DDoS) mitigation services powered by an industry-leading solution.

### Internal policies and training

[Dedicated Security Team](./security#dedicated-security-team)

[Business continuity](./security#business-continuity)

[Secure development](./security#secure-development)

Dedicated Security Team

Our security team consists of security professionals dedicated to improving the security of our organization. Our employees are trained to respond to security incidents and are available 24/7.

Business continuity

We back up all of our critical assets and regularly attempt to restore the backup to ensure rapid recovery during a disaster. All of our backups are encrypted.

Secure development

We adhere to security best practices and frameworks (OWASP Top 10, SANS Top 25). We use the following best practices to ensure the highest level of protection in our software:
- Developers participate in regular security training to learn about common vulnerabilities and threats.\
\
- We review our code for security vulnerabilities.\
\
- We regularly update our dependencies and make sure none of them has known vulnerabilities.\
\
- We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase.\
\
- We rely on yearly third-party security experts to perform penetration tests of our applications.

# Start security evaluation

Explore Termius security solutions and policies on your own.

[Evaluate Termius security](https://security.termius.com/)

SSH client for

[iPad](./free-ssh-client-for-ipad)

[iPhone](./free-ssh-client-for-iphone)

[Android](./free-ssh-client-for-android)

[macOS](./free-ssh-client-for-mac-os)

[Windows](./free-ssh-client-for-windows)

[Linux](./free-ssh-client-for-linux)

Product

[Download](https://termius.com/download)

[Gloria Ops](https://gloriaops.com)↗

[SSH ID Passkeys](https://sshid.io/)↗

[Vault](./vault)

Resources

[Education](./education)

[For Open Source](./opensource)

[Beta Program 🚀](./beta-program)

[Documentation](https://docs.termius.com/)

[Customer Support](https://support.termius.com/?_gl=1*1eep0vf*_ga*MTc4OTA4NjUwLjE2NzkyNjExMDc.*_ga_ZPQLW2Q816*MTY5MTQ2MTM4NC40NC4xLjE2OTE0NjE3ODQuMC4wLjA.)

[Feature Requests](https://ideas.termius.com/tabs/1-under-consideration?_gl=1*1eep0vf*_ga*MTc4OTA4NjUwLjE2NzkyNjExMDc.*_ga_ZPQLW2Q816*MTY5MTQ2MTM4NC40NC4xLjE2OTE0NjE3ODQuMC4wLjA.)

Security

[System Status](https://status.termius.com/?_gl=1*1eep0vf*_ga*MTc4OTA4NjUwLjE2NzkyNjExMDc.*_ga_ZPQLW2Q816*MTY5MTQ2MTM4NC40NC4xLjE2OTE0NjE3ODQuMC4wLjA.)

[Trust center](https://security.termius.com/)

[Security](./security)

[Changelog](https://termi.us/desktop-changelog)

Company

[About Us](./about)

[Blog](./blog)

[Careers](./careers)

[Brand Resources](./brand-resources)

Ⓒ 2026 Termius Corporation. All rights reserved

[Terms of Use](./terms-of-use)

[Privacy Policy](./privacy-policy)

[Responsible Disclosure](./responsible-disclosure)