# Security Overview

### Security overview

Taloflow is designed to protect customer evaluation data. Controls follow least privilege and defense in depth.

### Core controls

* **Authentication** is handled through Auth0. See [Authentication & Access Control](/security/platform-controls/authentication-and-access-control.md).
* **Authorization** is enforced centrally via policy. See [Authorization & Permissions](/security/platform-controls/authorization-and-permissions.md).
* **Encryption** is used in transit and supported at rest. See [Encryption Standards](/security/platform-controls/encryption.md).
* **Auditability** is supported via request-level logging. See [Logs, Audit Logs, and Backups](/security/platform-controls/logs-audit-logs-and-backups.md).
* **Tenant isolation** is part of platform design. See [Tenant & Environment Isolation](/security/platform-controls/tenant-and-environment-isolation.md).
* **Resilience** is addressed through backups and recovery practices. See [Availability & Continuity](/security/security-operations/availability-and-continuity.md) and [Disaster Recovery](/security/security-operations/disaster-recovery.md).
* **Payments** are processed by Stripe. See [Payment Security](/security/trust-and-governance/payment-security.md).

### Compliance

Certification status and audit updates live in [Compliance & Certifications](/security/trust-and-governance/compliance-and-certifications.md).

### Security questions

Send vendor security questionnaires and document requests through the [Support Hub](broken://spaces/-MQkUmzRViVxDERN9vKk/pages/7w2btLpaU63hhnW4Dd7q).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.taloflow.ai/security/security-overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.