Tangible Materials logoTangible Materials

Tangible Materials Trust Center

At Tangible Materials, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.

trust@tangiblematerials.com

Compliance

Resources

Access Control and Termination Policy
Risk Assessment and Treatment Policy
Incident Response Policy
Information Technology Leadership Committee Charter
Risk and Governance Executive Committee Charter

Controls

Access control procedures
VPN access
Multifactor authentication
Access review of infrastructure
User list with assigned roles and privileges
Encryption of data
Backup and recovery policy
Source code tool
Outsourced Development Management
Sample code changes
Web application firewall
Vulnerability scanning
Intrusion detection tool
Infrastructure firewall
Infrastructure baseline hardening policy
Monitoring tool
Network diagram
Alerts and remediation
Security incident list
Breach notification communication
Whistleblower policy
Log management tool
Vendor management program
Vendor termination
Vendor list
Vendor onboarding
New employee and contractor agreements
List of active employees & contractors as on date
Employee handbook
List of newly hired employees & contractors
Customer onboarding
Multi-availability zones
Asset register maintaining
Risk and Governance Executive Committee meeting minutes
Risk management program
Information security policies and procedures
Asset register list
Patch management
Antivirus and malware configurations
Customer support issues resolved

Subprocessors

OpenAI
OpenAIAI & ML Services
Autodesk Construction Cloud
Autodesk Construction CloudCloud Infrastructure & Platform Services
Anthropic
AnthropicAI & ML Services

FAQs

No, we do not train any AI model, but rely on pre-train models listed in our sub-processors.

All systems are patched and updated on a documented, regular, and timely schedule using the Common Vulnerability Scoring System (CVSS) to aid in setting patching guidelines. Critical security vulnerabilities must be patched as soon as possible regardless of CVSS score.

The organization adheres to the principle of least privilege, giving team members access only to information necessary for their job functions. Requests for privilege escalation require documented approval by an authorized manager, and regular audits of access privileges to sensitive applications are performed.