At Palm,
security is
a core commitment

Our treasury platform protects your sensitive financial data with strong controls, secure cloud infrastructure, and independent certifications — delivering the trust, compliance, and peace of mind you expect.

You are safe

How Palm is built for security

Palm follows the security principles trusted across the financial world — with built-in safeguards, structured processes, and rigorous controls to protect your data at every step.

Our security framework spans technology, people, and process — from encrypted infrastructure and access management to ongoing employee training and vendor review. These are not just policies on paper, but active controls validated by independent auditors.

We are safe

SOC 2 Type I Certified

Palm is proud to be SOC 2 Type I certified, demonstrating our adherence to the AICPA’s Trust Services Criteria for Security. This certification affirms that our internal controls are well-designed to keep your data safe — and that they’ve been independently assessed by a third-party auditor.

SOC 2 Type I

What this
means for you

Role-based access controls and documented approval

Background checks for all employees

Required security training within 30 days of hire

Daily vulnerability scanning and annual penetration testing

Clear incident response procedures and tested recovery plans

Why it matters:

SOC 2 is the gold standard for evaluating how a company handles sensitive data. It helps you — and your compliance team — verify that we meet enterprise-level security expectations.

Your data is safe

Cloud Infrastructure, Hardened by Design

Palm runs entirely on Google Cloud Platform (GCP) — one of the most secure, audited cloud environments in the world. We inherit GCP’s physical protections, and layer on our own strict practices:

No unmanaged physical servers — 100% cloud-native
Isolated production environments, tightly access-controlled
Encrypted backups stored and tested regularly
Secure software development lifecycle with peer reviews and approval gates

Your data is encrypted at rest and in transit. Our infrastructure is continuously monitored for performance, integrity, and security.

Security in Practice

Security at Palm is not theoretical , it’s operationalised every day.

Access is role-based, provisioned with manager approval, and reviewed quarterly

All changes to systems follow a structured SDLC with required testing and peer review

Vulnerability scans run daily, and issues are triaged under internal SLAs

A threat detection system and real-time infrastructure monitoring help identify and respond to anomalies

Incident response and business continuity plans are tested annually

Third-party vendors are reviewed regularly, with SOC reports and risk assessments

We know,
security is critical

(+)

We're happy to share our SOC 2 report, dive deeper into our policies, or walk your compliance team through our security program. Just reach out at hello@usepalm.com