# Security & Compliance

- [Security Overview](/security/security-overview.md): High-level summary of Taloflow security controls and where to find details.
- [Platform Controls](/security/platform-controls.md): Identity, encryption, logging, isolation, and data retention controls.
- [Authentication & Access Control](/security/platform-controls/authentication-and-access-control.md): How Taloflow authenticates users and services, and manages tokens.
- [Authorization & Permissions](/security/platform-controls/authorization-and-permissions.md): The extensive and robust permissioning capabilities available within the Taloflow platform for customized access and control schemes.
- [Encryption Standards](/security/platform-controls/encryption.md): Encryption in transit and at rest across Taloflow services.
- [Logs, Audit Logs, and Backups](/security/platform-controls/logs-audit-logs-and-backups.md): Retention and contents of auth and audit logs, plus backup schedules.
- [Tenant & Environment Isolation](/security/platform-controls/tenant-and-environment-isolation.md): How Taloflow isolates tenants and separates dev, staging, and production.
- [Evaluation Data Retention](/security/platform-controls/evaluation-data-retention.md): How long evaluations are kept, who owns the data, and export options.
- [Secrets Management](/security/platform-controls/secrets-management.md): How Taloflow stores and delivers runtime secrets (and why we avoid env vars).
- [Security Operations](/security/security-operations.md): Operational security practices for detection, response, and recovery.
- [Malware Protection](/security/security-operations/malware-protection.md): Controls that reduce malware risk across code, devices, and deployment.
- [Incident Response](/security/security-operations/incident-response.md): How Taloflow detects, contains, and communicates security incidents.
- [Disaster Recovery](/security/security-operations/disaster-recovery.md): Recovery objectives, restore process, and emergency failover options.
- [Physical Security](/security/security-operations/physical-security.md): Hosting provider facility security and where Taloflow data is located.
- [Availability & Continuity](/security/security-operations/availability-and-continuity.md): Monitoring, redundancy, and continuity approach for the Taloflow platform.
- [Trust & Governance](/security/trust-and-governance.md): Compliance status, payments, and organizational security practices.
- [People & Security Culture](/security/trust-and-governance/security.md): Hiring, training, and operating practices that support Taloflow security.
- [Compliance & Certifications](/security/trust-and-governance/compliance-and-certifications.md): Current audit status, certifications, and materials for customer reviews.
- [Payment Security](/security/trust-and-governance/payment-security.md): How Taloflow processes payments and protects payment details.
