This is a new announcement banner that can be turned on and off

How we protect the data you trust us with
Your peers are saving one day a week by using Termgrid for their debt financing processes
The largest network in private capital – ensuring you can connect with the right institution quickly and easily
Termgrid was founded to help private equity firms and lenders streamline their debt financing and portfolio management processes. Because our platform handles highly sensitive financial data, security is not a feature—it is foundational to everything we do.
We maintain a formal Information Security Management System, aligned with industry standards, designed to protect the confidentiality, integrity, and availability of all data on our platform and to respond quickly and effectively when incidents arise.
Termgrid has achieved SOC 2 Type II attestation, providing third-party validation that our security controls meet rigorous standards for operational security. Termgrid is also GDPR compliant, with appropriate data processing agreements, privacy controls, and procedures in place, monitored through our compliance platform. Full documentation, including our Privacy Policy and Terms of Service, is available at trust.termgrid.com.
Termgrid’s platform is hosted on Amazon Web Services (AWS) in the United Kingdom. Our infrastructure approach includes UK-based data hosting to support data residency requirements for our European client base, multi-availability zone architecture to support business continuity, strict network controls and continuous monitoring, and least-privilege access controls limiting who can access what data and systems.
Termgrid treats client data and personally identifiable information (PII) with the highest level of care. Our data security practices are built around three core principles: confidentiality, integrity, and availability. Formal data management policies govern how information is created, stored, processed, transmitted, and disposed of throughout its lifecycle. Data is protected using AES 256-bit encryption at rest and TLS 1.2+ encryption in transit, firewalls, and user access controls, and is retained only for as long as necessary to fulfill the purposes for which it was collected. PII is handled in accordance with GDPR and other applicable laws. Termgrid conducts regular penetration testing to identify and address vulnerabilities, with reports available to clients upon request.
Access to Termgrid systems and client data is governed by a formal Access Control Policy built around the principle of least privilege. Role-based access limits system and data access to those who require it for their function. Segregation of duties prevents any single individual from having unchecked access to critical systems or data. Access is monitored continuously and reviewed regularly. All platform users are additionally bound by Termgrid’s Terms of Service, which requires that all information on the platform be treated as confidential and restricts its reproduction or distribution.
Termgrid works with a carefully selected set of third-party subprocessors to deliver our service. All vendors are evaluated for their security posture before engagement and are subject to our Vendor Management Policy. Current subprocessors include:
AWS (cloud infrastructure, UK), Twilio (customer service, US), SendGrid (customer service, US), Google Workspace (collaboration, US & UK), Termgrid Limited (sales, UK), Pendo (product management tools, UK), Sprinto (security software, India), and Credence Solutions Group, LLC (security software, US).
A full and current subprocessor list is maintained at trust.termgrid.com (trust.termgrid.com — Subprocessors).
Termgrid maintains a formal Incident Management Policy covering the identification, escalation, resolution, and post-incident review of any security event that could affect client data. Security incidents are reported and tracked through our compliance monitoring platform. Our Information Security Officer holds executive authority over all incident response activities.
Answers to the questions we hear most often from clients and prospects evaluating Termgrid.
Termgrid has completed a SOC 2 Type II audit, with security, availability, and confidentiality controls independently assessed and attested to. Termgrid is also GDPR compliant, with data processing agreements, privacy controls, and procedures in place to meet GDPR requirements.
AWS, United Kingdom, supporting data residency requirements for our European and UK-based clients.
Yes. Termgrid conducts regular penetration testing, with reports available upon request through trust.termgrid.com.
Our infrastructure is designed with business continuity in mind, including multi-availability zone architecture to minimize single points of failure. We maintain formal Business Continuity and Disaster Recovery plans, and the platform is monitored continuously for availability.
AWS, Twilio, SendGrid, Google Workspace, Termgrid Limited, Pendo, Sprinto, and Credence Solutions Group, LLC.
Data is protected using AES 256-bit encryption at rest, TLS 1.2+ encryption in transit, firewalls, and user access controls, and retained only for as long as necessary. Access is governed by a least-privilege model — staff can only access data required for their role. Separation of duties ensures no single individual has unchecked access to critical systems or data. All platform users are bound by Termgrid’s Terms of Service, which requires all information on the platform to be treated as confidential.
Termgrid has a formal Incident Management Policy covering detection, escalation, containment, resolution, and post-incident review. Our Information Security Officer has executive authority over all incident response.
All policies are reviewed at least annually, or immediately following any significant change or incident. Our Trust Center at trust.termgrid.com provides access to our compliance status, policy library, subprocessor list, Privacy Policy, and Terms of Service. Additional documentation is available upon request.