IT & Security Documentation

Security

Privacy

Policies

Services

Service Terms

Credits

Credit Purchase Terms

Ambassadors

How to Partner

Trademarks

Current Trademarks

Garry Johnston - Vodafone New Zealand

“I had a great chat with Tallyfy – and love the user-first design. They are also a rare example of transparency and confidence. The legal compliance and security page (which hardly anyone would normally read) would be one of the best examples of open communication I have seen for a while – around how the service is constructed and the underpinning technologies and services used. Well worth a look if you are technically-minded, or just interested in how a modern tech. company approaches their IT. Good stuff!”

Summary of IT and infrastructure information

Tallyfy is one of the few cloud-based workflow platforms that properly passes SSL tests (A+ grade) and has a modern HSTS policy. Test any domain at the official website.
We natively support HTTP/3 and QUIC which accelerate and secure HTTP traffic.
We are cloud-born and API-first with an open API. Tallyfy is an integration-first platform with a modern, open API. See integrations.
UX and ease-of-use is critical to Tallyfy.
We log all API calls with a 28-day retention policy.
We stream your data to any analytics platform that supports Amazon Athena like PowerBI, Tableau or Google Data Studio, allowing custom views.
Our perimeter defenses work at any scale to handle large DDoS attacks.
Our founding team is technical and understands workflow management. We take a long-term, customer-centric view.
We are SOC 2 Type 2 attested.

We take security seriously and invest in best-of-breed vendors for internal purposes. See our privacy policy.

Our commitment to user experience

UX is critical for IT to service business units. Tallyfy takes a UX-first approach to mitigate risks.

Tallyfy’s UI is mobile-first and responsive.
We support many languages. Contact us for more.
All customers can use SSO for free via Active Directory, Google, Okta, OneLogin, etc.
Minimum browser versions: Safari 9.1.1+, Chrome 50+, Firefox 46.0.1+, IE 11+, Mobile Safari 9+

On the subject of UX – Tallyfy was created because legacy BPM software is tired and broken:

Users now decide to buy software themselves. UX and user adoption are key.
Modern cloud tools are free to try. We’re happy to engage IT for larger questions.
People want to share workflows with clients. Tallyfy provides a secure solution.
People expect drag-and-drop integrations. We support middleware and have an open API.
People expect to work on phones. Tallyfy works on most devices.
People are tired of flowcharts. Map legacy processes to Tallyfy equivalents.
People expect cloud benefits. Don’t settle for legacy vendors.
Companies of all sizes need process management. Tallyfy is designed for any team size.
People are excited about AI. Tallyfy makes it easy to use AI for automation or generative applications.

Our commitment to open integration

Modern IT leaders know vendors must offer easy integration.

Tallyfy guarantees open data access via API.
We will always offer an open API for integration.
We support data extraction for analysis in most major BI platform that support ODBC connections. See more more about our Tallyfy Analytics here.

Key facts on our infrastructure

Tallyfy has an industry-standard REST API and a client UI that depends on the API.

Tallyfy is a cloud-only service. We handle security, scaling, maintenance, etc.
Tallyfy was built API-first using modern development techniques.
As a US company, we comply with trade sanctions. We block entire countries for legal and security reasons. Contact us to discuss lifting blocks.
Tallyfy’s UI is lightweight. Your web team can integrate using our open REST API.
API authentication uses OAuth 2.0.
We are hosted on AWS in us-west-2 with a disaster recovery process tested.
We use native AWS services to scale.
Our database is Postgres on AWS RDS with Multi-AZ for high availability. Daily automated backups.
All data encrypted in transit and at rest.
Customizable storage and encryption available.
More stack details available privately. Open to vulnerability assessments.
We challenge requests from Tor and block weak cipher suites.

Tallyfy uses ISO 27001 and FISMA certified AWS data centers with strict physical access controls.

Firewall infrastructure is provided by Cloudflare and AWS.

AWS is accredited under ISO 27001, SOC 1/2, PCI Level 1, FISMA Moderate, SOX.

Tallyfy Client – Diagram

Tallyfy REST API – Diagram

API docs: https://go.tallyfy.com/api/

Infrastructure monitoring

We use AWS Cloudwatch, Cloudtrail and Moesif at the edge for monitoring and logging.
Resources auto-scale based on demand. See our status page for uptime.
Cloudflare is our perimeter defense against attacks.

Support, billing and second line support

We use a helpdesk for online ticketing.
For larger companies, we provide 2nd/3rd line support. Your IT can be your first line.
Billing via Recurly and Stripe, PCI compliant. No billing info stored.
Enterprise plans have phone/live-chat support.

Releases and automated testing

GitHub used with feature branches for clean code merges.
Strict QA and automated testing. Automated deployments via Deploybot.
Manual QA on staging before production release.
Automatic capture of API/UI exceptions.
Product update changelog.

SHA-2 support, TLS and DNS

Tallyfy only allows modern TLS (1.2/1.3) connections.

Our domain uses DNSSEC to protect against DNS forgery.

We prevent browsers without SNI from connecting. Minimum browser versions:

IE7 on Windows Vista
Chrome on Vista/OS X 10.5.7+
Safari 3.0 on Vista/OS X 10.5.6+
Firefox 2.0+
Opera 8.0+ (TLS 1.1)
BlackBerry 10+
Windows Phone 7+

HSTS – strict requirements enabled

HSTS (RFC 6797) allows websites to enforce HTTPS, protecting against attacks. Tallyfy is pre-loaded in browsers to serve HTTPS via strong HSTS, achieving A+ on SSL labs tests.