Security at Tealio
Tealio is committed to security at every level.
Your information is securely stored using the latest in encryption and security standards.
Have questions? Contact us.
HIPAA / GDPR / POPI Compliant with data retention policies
Full audit trail of all actions
Data & Information
- At Rest: We only store your data in our production environment. Your data is encrypted with AES-256.
- In Transit: All network communication uses TLS v1.2+, is encrypted and authenticated using AES_128_GCM, and uses ECDHE_RSA as the key exchange mechanism. HTTP Strict Transport Security (HSTS) with a long duration is enforced. Qualys' SSL Labs scored our SSL implementation as "A+" on their SSL Server test.
Our backup processes ensure data and information consistency to the highest standards. Multiple backups are taken per day with a 30-day retention period.
Credit card and payment information is not stored on our servers. All payments made to Tealio go through our payments partner, Stripe (which is PCI compliant).
We capture logs, events, and metrics through our partner Sentry. For security vulnerability scanning, we use Snyk for 24x7 alerts and detection. We also leverage native monitoring tools through Netlify and AWS.
We log every action performed in the system and offer an audit trail as part of our features.
Disaster Recovery and Business Continuity
We have a disaster recovery and business continuity plan in place. We perform regular disaster recovery and business continuity tests.
Want to learn more? Please contact us at email@example.com
Periodic independent third-party penetration tests are performed.
Security and confidentiality incidents submitted to firstname.lastname@example.org will be resolved in accordance with established incident policy.
Monthly risk assessments are performed to ensure the applications are secure and adhering to best practices.
We carefully review our vendors and partners to ensure adherence to our security and compliance requirements.
Secure from Browser
Tealio uses Talon Cyber Security to ensure that our personnel's browsers are secure and up to date. Keeping our personnel's browsers secure is a critical part of our security strategy.
We also offer our customers the ability to use Talon Cyber Security to keep their environment secure while using Tealio and other web applications.
An individual's level of access is determined by their job role. We practice a policy of least privilege access. We perform regular logical access reviews and remove access immediately if it's no longer required.
Tealio uses Identity and Access Management (IAM) for activities that require sensitive privileged access.
MFA is enforced for every individual with logical access and is required on every third-party service that touches our environment.
Our personnel's devices are registered with our asset inventory and secured with antivirus software, device blocking, and security patches.
Evaluation & Training
We perform background checks and require confidentiality agreements with all of our personnel. Additionally, we require yearly security awareness training.