Tenant & Environment Isolation

Scope

This page covers tenant isolation and environment separation.

Data ownership and storage

Taloflow maintains clear separation between different types of data:

Taloflow Platform Data:

• Evaluation configurations

• Methodology templates

• Vendor databases

• Rating criteria

Client Data:

• Evaluation results

• Custom configurations

• Reports and exports

• All data created within your evaluations

Personal Information (PII)

• No client personal data is stored in Taloflow's database

• All Personally Identifiable Information (PII) is managed exclusively by Auth0

• Zero proprietary client data storage outside of evaluation-specific information

Environment Separation

• Development: Isolated development environment

• Staging: Pre-production testing environment

• Production: Live customer environment

Each environment is separated with no cross-contamination of data or credentials.

No customer evaluation data is used in development or staging.

Secrets and credentials are not shared across environments.

Network segmentation

Taloflow uses network segmentation to limit lateral movement.

Subnets are restricted by firewall and security rules.

Administrative access uses controlled entry points (for example, bastion-style access).

Database Access Control

• Server-level restrictions: Database access is controlled at the server level

• OPA authorization: All user requests pass through Open Policy Agent evaluation

• Functional table access: Some tables require related access for functionality (e.g., evaluations require access to policies, status, and settings tables)

• Resolver-level security: Additional security controls at the application resolver level