Security at Tealio

Data & Information

Encryption

• At Rest: We only store your data in our production environment. Your data is encrypted with AES-256.
• In Transit: All network communication uses TLS v1.2+ and is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism. HTTP Strict Transport Security (HSTS) with long duration is enforced. Qualys' SSL Labs scored our SSL implementation as "A+" on their SSL Server test.

Backup Policy

Our backup processes ensure data and information consistency with highest standards. Multiple backups are taken per day with a 30 day retention period.

Privacy Policy

We are committed to protecting your privacy and your data, read our Privacy Policy to learn more.

Payment Details

Credit card and payment information is not stored on our servers. All payments made to Tealio go through our payments partner, Stripe (which is PCI compliant).

Infrastructure

Secure Infrastructure

Our cloud providers are Amazon AWS and Netlify. We leverage cloud native tools to manage firewall rules, threat detection and DMZ enforcement.

Real-Time Monitoring

We capture logs, events, and metrics through our partner Sentry. For security vulnerability scanning, we use Snyk for 24x7 alerts and detection. As well as leveraging native monitoring tools through Netlify and AWS.

Logging

We log every action performed in the system and offer an audit trail as part of our features.

Disaster Recovery and Business Continuity

We have a disaster recovery and business continuity plan in place. We perform regular disaster recovery and business continuity tests.
Want to learn more? Please contact us at support@tealio.ai

Continuous Security

Periodic independent third party penetration tests are performed.

Incident Management

Security and confidentiality incidents submitted to support@tealio.ai will be resolved in accordance with established incident policy.

Risk Management

Monthly risk assessments are performed to ensure the applications are secure and adhering to best practices.

Vendors

Partner Selection

We carefully review our vendors and partners to ensure adherence to our security and compliance requirements.

Personnel

Secure from Browser

Tealio is using Talon Cyber Security to ensure that our personnel's browsers are secure and up to date. Keeping our personnel's browsers secure is a critical part of our security strategy.
We do also offer our customers the ability to use Talon Cyber Security to keep their environment secure while using Tealio and other web applications.

Logical Access

An individual's level of access is determined by their job role. We practice a policy of least privilege access. We perform regular logical access reviews and remove access immediately if it's no longer required.

Secure Access

Tealio uses Identity and Access Management (IAM) for activities that require sensitive privileged access.

Multi-Factor Authentication

MFA is enforced for every individual with logical access and required on every third party service that touches our environment.

Asset Control

Our personnel's devices are registered with our asset inventory and secured with antivirus software, device blocking and security patches.

Evaluation & Training

We perform background checks and require confidentiality agreements with all of our personnel. Additionally, we require yearly security awareness training.