Security
Security
Updated 11/30/2022
Product Security
Talli has security features to give you strong control over your data.
PASSWORD SECURITY - App passwords are required to be at least 8 characters and contain a combination of letters, numbers and symbols.
UPTIME - The Talli Platform’s Availability SLA is 99.7% uptime.
USER PERMISSIONS - While logged in, the Talli Platform’s authorization model can assign different permissions to restrict access to data you own, or data you have explicitly been given permission to see.
Infrastructure Security
Talli’s infrastructure security prevents access to data from outside actors.
HOSTING - Talli is hosted on Amazon Web Services. You can learn more about the AWS secure infrastructure here. More information about other data Subprocessors below.
DATA BACKUPS - Talli has automatic daily backups of all user data. Data is encrypted in transit and at rest, and replicated in multiple Availability Zones for redundancy.
ENCRYPTION - Data stored at rest on the Talli Platform is encrypted using the industry standard AES-256 encryption algorithm. This includes our automated backups, read replicas, and snapshots. All Talli endpoints are secured via SSL and only accessible over HTTPS.
DE-IDENTIFICATION OF DATA - Personally identifying data from the user profile is stored separately from health event data in our data structure. The profile data and health data require an encoded key to link them for the purpose of enabling each authenticated user to access his or her own data.
Other Security Features
Other ways we protect your data.
EMPLOYEE POLICIES - All Talli employees who interface with data systems are trained on data security practices regularly. Additionally, we require all employees and non-employee contractors to sign confidentiality agreements.
PCI & PAYMENT SECURITY - All app payments are handled as in-app purchases through the Apple App Store and Google Play Store. We never hold financial information on our own servers. You can read more about Apple’s data protection policies here. You can read about Google’s data protection policies here.