# Security Overview

Taloflow is designed to protect customer evaluation data. Controls follow least privilege and defense in depth.

### Core controls

* **Authentication** is handled through Auth0. See [Authentication & Access Control](https://docs.taloflow.ai/security/platform-controls/authentication-and-access-control).
* **Authorization** is enforced centrally via policy. See [Authorization & Permissions](https://docs.taloflow.ai/security/platform-controls/authorization-and-permissions).
* **Encryption** is used in transit and supported at rest. See [Encryption Standards](https://docs.taloflow.ai/security/platform-controls/encryption).
* **Auditability** is supported via request-level logging. See [Logs, Audit Logs, and Backups](https://docs.taloflow.ai/security/platform-controls/logs-audit-logs-and-backups).
* **Tenant isolation** is part of platform design. See [Tenant & Environment Isolation](https://docs.taloflow.ai/security/platform-controls/tenant-and-environment-isolation).
* **Resilience** is addressed through backups and recovery practices. See [Availability & Continuity](https://docs.taloflow.ai/security/security-operations/availability-and-continuity) and [Disaster Recovery](https://docs.taloflow.ai/security/security-operations/disaster-recovery).
* **Payments** are processed by Stripe. See [Payment Security](https://docs.taloflow.ai/security/trust-and-governance/payment-security).

### Compliance

Certification status and audit updates live in [Compliance & Certifications](https://docs.taloflow.ai/security/trust-and-governance/compliance-and-certifications).

### Security questions

Send vendor security questionnaires and document requests through the [Support Hub](https://docs.taloflow.ai/security/broken-reference).
