Enterprise data deserves enterprise-grade security.
Your financial records, employee data, procurement history, and operational data live in Tafkiro. That demands a security posture that can withstand board-level scrutiny — and defend against real threats.
Third-party verified. Not self-declared.
ISO 27001
Aligned
Our information security management system is designed and operated to ISO 27001 standards. Full certification audit scheduled for Q4 2026.
SOC 2 Type II
In Progress
SOC 2 Type II readiness assessment completed. Audit period begins Q3 2026. Report expected Q1 2027.
GDPR
Compliant
Data processing agreements available for EU-resident data. Data Processing Addendum included in all enterprise contracts.
PDPA / DPDP
Compliant
Compliant with India's Digital Personal Data Protection Act and Singapore's Personal Data Protection Act for customer data handling.
Your data stays in your jurisdiction.
Every Tafkiro tenant is provisioned in the customer's chosen data residency region. No cross-border transfers. Your data is never processed outside the designated region without explicit written consent.
India
All Indian customer data stays within India. DPDP Act compliant.
UAE
Gulf customer data in the Middle East region. UAE DP Law compliant.
Singapore
APAC customer data in Singapore. PDPA compliant.
European Union
EU customer data in Germany. GDPR Article 44+ transfer restrictions met.
Layered defences. No single point of trust.
Encryption
- AES-256 encryption at rest for all tenant data
- TLS 1.3 in transit — no downgrade to TLS 1.2 accepted
- Encryption keys managed per tenant, not shared
- Key rotation on 12-month schedule, emergency rotation available
Access Control
- Role-based access control (RBAC) with field-level permissions
- Multi-factor authentication enforced for all admin and finance roles
- Single sign-on (SSO) via SAML 2.0 and OIDC supported
- Session management with configurable idle timeout and IP binding
Audit & Monitoring
- Immutable audit trail on every data write — who, what, when, from where
- Real-time anomaly detection on user behaviour patterns
- Automated alerting on policy-violating access patterns
- Audit logs exportable for SIEM integration and compliance evidence
Infrastructure
- Dedicated tenant environments — no shared compute or database
- Daily encrypted backups with 30-day retention, point-in-time recovery
- Penetration testing by a third party on a biannual schedule
- Vulnerability disclosure programme with 30-day remediation SLA for critical findings
Dedicated tenancy. Your data never touches another customer's.
Every Tafkiro customer runs in a dedicated environment — separate compute, separate database, separate encryption keys. There is no shared infrastructure between customers. A security incident at one customer cannot expose another.
Need our security documentation?
ISO 27001 alignment evidence, penetration test summaries, data processing agreements, and security architecture overviews are available to enterprise customers and prospects under NDA.
Email [email protected] →
Found a security issue?
We welcome responsible disclosure. Critical findings receive a 30-day remediation commitment and public acknowledgement. Please do not disclose publicly before coordinating with us.
Report a vulnerability →
Ready to see Tafkiro in action?
Book a personalized demo with our enterprise team. We'll show you how Tafkiro works for your specific industry, your specific scale, and your specific operations.