# Security & Compliance - [Security Overview](https://docs.taloflow.ai/security/security-overview.md): High-level summary of Taloflow security controls and where to find details. - [Platform Controls](https://docs.taloflow.ai/security/platform-controls.md): Identity, encryption, logging, isolation, and data retention controls. - [Authentication & Access Control](https://docs.taloflow.ai/security/platform-controls/authentication-and-access-control.md): How Taloflow authenticates users and services, and manages tokens. - [Authorization & Permissions](https://docs.taloflow.ai/security/platform-controls/authorization-and-permissions.md): This document covers the extensive and robust permissioning capabilities available within the Taloflow platform for customized access and control schemes. - [Encryption Standards](https://docs.taloflow.ai/security/platform-controls/encryption.md): Encryption in transit and at rest across Taloflow services. - [Logs, Audit Logs, and Backups](https://docs.taloflow.ai/security/platform-controls/logs-audit-logs-and-backups.md): Retention and contents of auth and audit logs, plus backup schedules. - [Tenant & Environment Isolation](https://docs.taloflow.ai/security/platform-controls/tenant-and-environment-isolation.md): How Taloflow isolates tenants and separates dev, staging, and production. - [Evaluation Data Retention](https://docs.taloflow.ai/security/platform-controls/evaluation-data-retention.md): How long evaluations are kept, who owns the data, and export options. - [Secrets Management](https://docs.taloflow.ai/security/platform-controls/secrets-management.md): How Taloflow stores and delivers runtime secrets (and why we avoid env vars). - [Security Operations](https://docs.taloflow.ai/security/security-operations.md): Operational security practices for detection, response, and recovery. - [Malware Protection](https://docs.taloflow.ai/security/security-operations/malware-protection.md): Controls that reduce malware risk across code, devices, and deployment. - [Incident Response](https://docs.taloflow.ai/security/security-operations/incident-response.md): How Taloflow detects, contains, and communicates security incidents. - [Disaster Recovery](https://docs.taloflow.ai/security/security-operations/disaster-recovery.md): Recovery objectives, restore process, and emergency failover options. - [Physical Security](https://docs.taloflow.ai/security/security-operations/physical-security.md): Hosting provider facility security and where Taloflow data is located. - [Availability & Continuity](https://docs.taloflow.ai/security/security-operations/availability-and-continuity.md): Monitoring, redundancy, and continuity approach for the Taloflow platform. - [Trust & Governance](https://docs.taloflow.ai/security/trust-and-governance.md): Compliance status, payments, and organizational security practices. - [People & Security Culture](https://docs.taloflow.ai/security/trust-and-governance/security.md): Hiring, training, and operating practices that support Taloflow security. - [Compliance & Certifications](https://docs.taloflow.ai/security/trust-and-governance/compliance-and-certifications.md): Current audit status, certifications, and materials for customer reviews. - [Payment Security](https://docs.taloflow.ai/security/trust-and-governance/payment-security.md): How Taloflow processes payments and protects payment details. - [Data Privacy](https://docs.taloflow.ai/security/data-privacy.md) - [Data Subject Rights](https://docs.taloflow.ai/security/data-privacy/data-subject-rights.md) - [Personal Data Inventory](https://docs.taloflow.ai/security/data-privacy/personal-data-inventory.md) - [Third-party Subprocessors](https://docs.taloflow.ai/security/data-privacy/third-party-subprocessors.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.taloflow.ai/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.