Security

We take security seriously at Taloflow. Below you'll find the security policies and methodologies we employ, which are considered industry best practices.

External Reviews

Amazon Partner Network

Taloflow's applications have passed the rigorous security requirements to qualify as an Amazon Partner Network (APN) Advanced Technology Partner. This included a full architectural review of its platform by AWS Solution Architects.

Physical Security

Facilities

Taloflow's applications are hosted and managed within Amazon's and Google's secure data centers, using Amazon Web Services (AWS) and Google Cloud Platform (GCP) respectively. Both Amazon and Google manage risk and undergo regular assessments to ensure compliance with industry standards. Their data center operations have been accredited under ISO 27001, SOC 1 and SOC 2, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

Location

The Amazon and Google data centers that Taloflow uses are located in the United States.

Encryption

Encryption in Transit

Communications between you and Taloflow servers are encrypted following industry best practices (HTTPS).

Encryption at Rest

Taloflow supports encryption of customer data at rest.

Employee Vetting

Background Checks

Taloflow performs background checks on all new employees in accordance with local laws.

Confidentiality Agreements

All hires are screened through the hiring process and are required to sign Non-Disclosure and Confidentiality Agreements, in addition to an acknowledgement letter that lists the risks and penalties associated with handling customer information.

Security Culture

Policies

Taloflow has a reference guide for security best practices that all employees and contractors understand and abide by. Everything from how to perform regular compliance reviews to how to best use a security key is covered.

Training

All employees and contractors have undergone Security Training and receive regular security updates and tips.

Audits

Taloflow does a full audit of the security practices of all employees and contractors on a monthly basis to ensure that its security policies are followed by all parties.

Secure Development

Authentication

Taloflow supports sign-in and Google Authentication.

Secure Credential Storage

Taloflow follows secure credential storage best practices by never storing passwords in human readable format.

API Security & Authentication

The Taloflow API is SSL-only, and you must be a verified user to make API requests. You authenticate to the API using an API token.

Separate Environments

Taloflow operates on three different levels of security environments: Development, Staging and Production.

Our Production environments have very limited access and hardened security measures in place. Development and Staging environments are separated from the Production environment, and no customer data is used in the Development or Staging environments.

No passwords or other security credentials are shared between these levels; each runs in its own sandbox, and the environments are not allowed to interact directly. All code is fully checked before moving between stages.

Virtual Private Clouds

Our cloud implementations use flexible VPC structures and appliances to provide best-of-breed security for our customers. We currently run one VPC with multiple subnets for each of the environments. Communication between the subnets is restricted by firewall and security rules. The subnets are not exposed to the Internet; all communication with the Internet passes through a Bastion service acting as a reverse proxy.

Cloud Access

All cloud access for our environments is by fully authenticated Identity and Access Management (IAM) key.

Limit Plain Text

We send nothing in plain text. Incoming traffic is via HTTPS and messages are encrypted.

Code Scanning

We have installed ClamAV antivirus where appropriate and also scan source code before acceptance. RKHunter is used to scan for file-level rootkits.

SSL Certificate

We use SSL to encrypt our sensitive data and protect it from unauthorized access. We currently use a Comodo 2048-bit verified certificate.

Credit Card Information

We use a third-party tokenization service for all credit card numbers.

System Logs

All systems are designed to have centralized, read-only usage logs for reviewing security incidents after the fact.

Cryptography

Any process involving cryptography goes through a peer-review process.

Product Security Features

Access & Roles

Taloflow provides multiple permission levels within an organization (member and admin) for Taloflow users.

Transmission Security

All communications with Taloflow servers are encrypted using industry standard HTTPS. This ensures that all traffic between you and Taloflow is secure during transit.

Availability & Continuity

Uptime

Taloflow has an uptime monitoring service available at status.taloflow.ai. We will update our customers on issues affecting uptime. You can contact our team to resolve any and all availability issues.

Redundancy

Taloflow's service clustering and network redundancy mean that there is no single point of failure in our system.

Disaster Recovery

Our platform automatically restores customer applications and databases in the case of an outage.

Last updated