> ## Documentation Index
> Fetch the complete documentation index at: https://docs.traversal.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Security
> Traversal's security architecture, certifications, and controls — including SOC 2 Type II, GDPR, HIPAA, and read-only access design.
Traversal maintains robust controls across access, data handling, and system operations. Security is a core design principle, not an add-on.
## Security certifications
Traversal maintains a **SOC 2 Type II** attestation, aligns with **GDPR** and **HIPAA** requirements, and undergoes regular third-party penetration testing.
Request compliance reports, review security documentation, and find more information about Traversal's certifications.
## Security-first architecture
Traversal is built from the ground up with security as a core design principle.
Traversal deploys no sidecars or background processes in your environment. There is nothing running in your infrastructure on Traversal's behalf.
Traversal cannot modify your systems or data. All integrations require read-only access only — no write privileges to your data stores or code.
Traversal does not rely on brittle integrations or sensitive structural dependencies. There is no schema configuration required.
Traversal avoids hard-coded prompts or hidden logic that can introduce risk or unpredictable behavior.
## Network allowlisting
If your network policies or firewalls require allowlisting of external IP addresses, the relevant IPs depend on how Traversal connects to your environment.
These IP addresses are expected to remain stable, but may change due to infrastructure maintenance operations. Traversal does not guarantee IP address permanence.
### Direct integrations
When Traversal's [SaaS](/architecture/intro#saas) environment connects directly to your integrated services (not through the [Traversal Connector](/architecture/connector)), it uses the following IP addresses:
| IP address |
| -------------- |
| `50.112.45.78` |
| `35.162.155.1` |
| `52.43.83.98` |
Add these to your service-side allowlists.
### Traversal Connector
When the [Traversal Connector](/architecture/connector) is deployed in your environment to reach Traversal's [SaaS](/architecture/intro#saas), it establishes outbound connections to `edge.traversal.com`. If your environment restricts egress traffic, allowlist the following IP addresses:
| IP address |
| --------------- |
| `44.254.181.73` |
| `16.148.183.36` |
| `54.71.194.238` |
### Traversal Processor
When the [Traversal Processor](/architecture/processor) is deployed in your environment to reach Traversal's [SaaS](/architecture/intro#saas), it sends telemetry to `ingest.traversal.com`. If your environment restricts egress traffic, allowlist the following IP addresses:
| IP address |
| ---------------- |
| `52.13.31.181` |
| `16.146.208.114` |
| `44.241.232.92` |
For [BYOC](/architecture/intro#byoc-bring-your-own-cloud) deployments, these IPs do not apply — the Traversal Connector and Processor reach the Traversal control plane within your dedicated BYOC environment.
## Data privacy
Customer data is not used for cross-customer training, model improvement, or service optimization. Any data processing is limited to in-context use for the originating customer only. All customer data is protected through strict isolation, access controls, and privacy safeguards.
For more detail, see the [Data privacy](/responsible-use/data-privacy) page.
## Contact security
For detailed security documentation, compliance reports, or to discuss your specific requirements, contact the Traversal security team at [security@traversal.com](mailto:security@traversal.com).