Palm

At Palm, security is a core commitment

Our treasury platform protects your sensitive financial data with strong controls, secure cloud infrastructure, and independent certifications — delivering the trust, compliance, and peace of mind you expect.

How Palm is built for security

Palm follows the security principles trusted across the financial world — with built-in safeguards, structured processes, and rigorous controls to protect your data at every step.

Our security framework spans technology, people, and process — from encrypted infrastructure and access management to ongoing employee training and vendor review. These are not just policies on paper, but active controls validated by independent auditors.

SOC 2 Type II Certified

Palm is proud to be SOC 2 Type II certified, demonstrating our adherence to the AICPA’s Trust Services Criteria for Security. This certification affirms that our internal controls are well-designed to keep your data safe — and that they’ve been independently assessed by a third-party auditor.

Palm is SOC 2 Type II certified

SOC 2 Type II

What this means for you

    Role-based access controls and documented approval
    Background checks for all employees
    Required security training within 30 days of hire
    Daily vulnerability scanning and annual penetration testing
    Clear incident response procedures and tested recovery plans

Why it matters:

SOC 2 is the gold standard for evaluating how a company handles sensitive data. It helps you — and your compliance team — verify that we meet enterprise-level security expectations.

Your data is safe

Cloud Infrastructure, Hardened by Design

Palm runs entirely on Google Cloud Platform (GCP) — one of the most secure, audited cloud environments in the world. We inherit GCP’s physical protections, and layer on our own strict practices:

  • No unmanaged physical servers — 100% cloud-native
  • Isolated production environments, tightly access-controlled
  • Encrypted backups stored and tested regularly
  • Secure software development lifecycle with peer reviews and approval gates

Your data is encrypted at rest and in transit. Our infrastructure is continuously monitored for performance, integrity, and security.

Palm runs on Google Cloud Platform

Security in Practice

Security at Palm is not theoretical — it’s operationalised every day.

    Access is role-based, provisioned with manager approval, and reviewed quarterly
    All changes to systems follow a structured SDLC with required testing and peer review
    Vulnerability scans run daily, and issues are triaged under internal SLAs
    A threat detection system and real-time infrastructure monitoring help identify and respond to anomalies
    Incident response and business continuity plans are tested annually
    Third-party vendors are reviewed regularly, with SOC reports and risk assessments

FAQs

Frequently asked questions

Find answers to your questions

Still have questions?

We're here to help you!

Contact us

Get started with Palm

Book a Demo