Security and Compliance

As an IT professional you need to be able to assure your clients that their data is secure at every step of the process—not just once it’s in the cloud. We take the security and compliance of your clients’ data very seriously.

At BitTitan, we take data security and privacy very seriously. Our product has been used to migrate Fortune 100 companies, American and foreign governments, police departments, banks, stock exchanges, telecoms, hospitals, and healthcare organizations – all with very stringent security requirements. Read the BitTitan Security Overview White Paper attached below for a more detailed view of our policies.

ISO Certifications

ISO 27001 – The world’s best-known standard for information security management systems (ISMS). ISO 27001 means BitTitan has put in place a system to manage cybersecurity risks that respects best practices and principles of the International Organization for Standardization.

ISO 27701 – Built to complement ISO 27001, this standard specifies requirements and provides guidance for a Privacy Information Management System (PIMS) for personal data. This framework allows you to demonstrate compliance with regulatory requirements including GDPR and the California Consumer Privacy Act (CCPA).


BitTitan data centers operating within Azure are PCI compliant, and around the world are AICPA SSAE 16 (formerly SAS 70 Type II) compliant.

EU Model Clauses

We have a company-wide compliance program to meet this rigorous standard, and BitTitan can offer the EU Model Clauses to our European customers.

General Data Protection Regulation

We’ve updated our Privacy Policy to increase transparency around how we store, manage, and migrate personal data. In addition, we’ve put in place several internal processes between teams to ensure requests for information are properly and swiftly addressed. For GDPR questions and requests, please email


Zero Deployment

BitTitan products operate outside of the firewall and connect to messaging systems the same way any external user would. There is no need to install third-party software inside of your firewall or network.

Mailbox Data

Mailbox data (including subjects, bodies, attachments, etc.) are not stored on our servers. In some cases, the data may be cached temporarily in order to optimize network throughput. If cached, rest assured that your data is wiped immediately once that mailbox is done migrating.

Mailbox Credentials

Mailbox credentials are stored using military-grade AES encryption. The credentials are immediately purged from the system once you delete the corresponding configuration to which it is associated.

Auto-Purge Policy

We have implemented an automatic purge policy that will delete any configuration that is not used. If no migration has been performed within 90 days (either of your last migration or creation of configuration, whichever is later), we will delete the data from our servers. You can configure this to be a longer or shorter period.

Data Centers

BitTitan leverages Azure data centers, which are compliant with ISO/IEC 27001/27002:2013, SOC 1 Type 2 and SOC 2 Type 2, PCI DSS Level 1, FISMA, HIPAA/HITECH, CJIS, CSA CCM, FERPA and others. Customers can select from a variety of data center regions in which migrations will be processed. We offer data center locations in ​Australia, Europe, North America, Japan, South America, and Southeast Asia.