Security & Compliance

Enterprise data deserves enterprise-grade security.

Your financial records, employee data, procurement history, and operational data live in Tafkiro. That demands a security posture that can withstand board-level scrutiny — and defend against real threats.

ISO 27001 Aligned
SOC 2 In Progress
GDPR Compliant
AES-256 Encrypted
Zero Data Sharing

Certifications & Standards

Third-party verified. Not self-declared.

ISO 27001

Aligned

Our information security management system is designed and operated to ISO 27001 standards. Full certification audit scheduled for Q4 2026.

SOC 2 Type II

In Progress

SOC 2 Type II readiness assessment completed. Audit period begins Q3 2026. Report expected Q1 2027.

GDPR

Compliant

Data processing agreements available for EU-resident data. Data Processing Addendum included in all enterprise contracts.

PDPA / DPDP

Compliant

Compliant with India's Digital Personal Data Protection Act and Singapore's Personal Data Protection Act for customer data handling.

Data Residency

Your data stays in your jurisdiction.

Every Tafkiro tenant is provisioned in the customer's chosen data residency region. No cross-border transfers. Your data is never processed outside the designated region without explicit written consent.

IN

India

AWS Mumbai (ap-south-1)

All Indian customer data stays within India. DPDP Act compliant.

AE

UAE

AWS Bahrain (me-south-1)

Gulf customer data in the Middle East region. UAE DP Law compliant.

SG

Singapore

AWS Singapore (ap-southeast-1)

APAC customer data in Singapore. PDPA compliant.

EU

European Union

AWS Frankfurt (eu-central-1)

EU customer data in Germany. GDPR Article 44+ transfer restrictions met.

Security Controls

Layered defences. No single point of trust.

Encryption

  • AES-256 encryption at rest for all tenant data
  • TLS 1.3 in transit — no downgrade to TLS 1.2 accepted
  • Encryption keys managed per tenant, not shared
  • Key rotation on a 12-month schedule, with emergency rotation available

Access Control

  • Role-based access control (RBAC) with field-level permissions
  • Multi-factor authentication enforced for all admin and finance roles
  • Single sign-on (SSO) via SAML 2.0 and OIDC supported
  • Session management with configurable idle timeout and IP binding

Audit & Monitoring

  • Immutable audit trail on every data write — who, what, when, from where
  • Real-time anomaly detection on user behaviour patterns
  • Automated alerting on policy-violating access patterns
  • Audit logs exportable for SIEM integration and compliance evidence

Infrastructure

  • Dedicated tenant environments — no shared compute or database
  • Daily encrypted backups with 30-day retention, point-in-time recovery
  • Penetration testing by a third party on a biannual schedule
  • Vulnerability disclosure programme with 30-day remediation SLA for critical findings

Architecture

Dedicated tenancy. Your data never touches another customer's.

Every Tafkiro customer runs in a dedicated environment — separate compute, separate database, separate encryption keys. There is no shared infrastructure between customers. A security incident at one customer cannot expose another.

  • Dedicated database: no shared tables, no multi-tenant row isolation — separate database instance per customer
  • Separate compute: your workload runs on isolated compute, not shared containers or VMs
  • Unique encryption keys: your tenant key is generated at provisioning and never shared with another customer

Security Enquiries

Need our security documentation?

ISO 27001 alignment evidence, penetration test summaries, data processing agreements, and security architecture overviews are available to enterprise customers and prospects under NDA.

Email [email protected]

Vulnerability Disclosure

Found a security issue?

We welcome responsible disclosure. Critical findings receive a 30-day remediation commitment and public acknowledgement. Please do not disclose publicly before coordinating with us.

Report a vulnerability
