This page summarizes Talarity's security commitments. For program-level detail, see our Trust Center.
1. Encryption
All data in transit is protected with TLS 1.3. Data at rest is encrypted with AES-256. Customer-managed keys are available on Enterprise contracts.
2. Authentication
SSO via SAML 2.0 and OIDC. SCIM 2.0 user provisioning. Optional or enforced TOTP-based MFA. App Check on every callable endpoint.
3. Access control
Role-based access control with three-layer enforcement (route registry, dispatcher, handler). Org-group-based feature gating. Least-privilege defaults.
4. Audit logging
60+ event types are captured in immutable, hash-chained audit logs. Logs are exportable via UI and API.
5. Vulnerability management
Regular vulnerability scanning, patch management on a defined SLA, and annual third-party penetration testing.
6. Incident response
Documented incident-response procedures with defined roles, escalation paths, and customer-notification commitments. Material incidents are reported to affected customers within applicable regulatory windows.
7. Vendor management
Sub-processors are vetted, contracted with appropriate DPAs, and listed publicly at /legal/sub-processors.
8. Reporting a vulnerability
Email security@talarity.com. We commit to acknowledging reports within two business days and resolving high-severity issues within a published SLA. Coordinated disclosure is preferred.