Tool Overview:
TerraTrue

About TerraTrue

TerraTrue is a privacy and security platform that integrates privacy and security reviews into the product development lifecycle. The platform aims to streamline privacy workflows by consolidating vendor assessments, security reviews, and privacy compliance into a single interface. It provides automated pre-deployment security reviews and integrates with common development tools like Jira, Slack, and Github.

What does TerraTrue do?

The platform combines several key functions related to privacy and security management. TerraTrue automates security reviews during product development, allowing teams to identify potential issues before release. The platform includes customizable templates for vendor assessments and security reviews, with risk scoring capabilities to help prioritize incoming security requests. TerraTrue's data discovery functionality connects with cloud providers to track data usage and storage across an organization, maintaining an automated data map that updates with each privacy review.

For compliance management, TerraTrue provides modules for different privacy regulations including GDPR and US privacy laws. The platform automates various compliance processes including records of processing activities (ROPA), data protection impact assessments (DPIA), and legitimate interest assessments (LIA). When regulations change, the platform scans past assessments to identify needed updates, reducing the need for manual reassessments.

What makes TerraTrue different?

TerraTrue takes an integration-first approach. The platform connects directly with development tools and cloud providers, enabling automated workflows and real-time data mapping. This integration allows the platform to trigger reviews automatically when needed and maintain current records of data processing activities without manual intervention.

The platform takes a modular approach to privacy compliance, allowing organizations to activate specific privacy modules based on their needs. Each module contains relevant templates, workflows, and guidance for different privacy regulations. This structure lets organizations manage multiple privacy frameworks through a single workflow while maintaining separate documentation for each requirement.

Use cases and industries

TerraTrue serves privacy and security teams across various sectors, with documented implementations at companies like Ancestry, Lyft, OfferUp, and Foursquare. The platform addresses several specific use cases including vendor risk management, privacy impact assessments, and data mapping. For vendor management, it provides assessment templates and tracking capabilities. In terms of privacy assessments, it automates the review process and maintains documentation of processing activities.

The platform includes features for cross-border data transfer management, ensuring appropriate safeguards are in place for international data flows. It also provides capabilities for managing personal information categories including SPI, PII, PHI, and NPI, with specific controls and documentation requirements for each type. The system includes provisioning and access control features, supporting SSO integration with common providers like Okta, OneLogin, Azure AD, and JumpCloud.