Tallyfy provides enterprise-grade security through SOC 2 Type 2 compliance certification, comprehensive data encryption, multi-factor authentication, principle-of-least-privilege access controls, mandatory SSO enforcement, environment segregation, vulnerability assessments, incident response frameworks, and third-party risk management protocols.
Terms & legals
Tallyfy® maintains comprehensive compliance, legal, security, and privacy standards designed to meet enterprise requirements and regulatory obligations:
- SOC 2 Type 2 Attestation: Independently verified security controls and operational effectiveness for data protection.
- HSTS Compliance: HTTP Strict Transport Security prevents man-in-the-middle attacks. The tallyfy.com domain is pre-loaded as secure in major browsers.
- BIMI Compliance: Brand Indicators for Message Identification email standard enhances brand recognition and prevents phishing attacks.
- Custom Data Processing Agreements: Available for EU, UK, or specific US states (like CCPA) to meet regional privacy requirements.
- GDPR Compliance: Achieved through Data Privacy Framework (DPF) attestation for comprehensive European data protection.
- Enterprise Contract Flexibility: Custom contracts available for specialized enterprise requirements and compliance needs.
- Complimentary Single Sign-On: SSO functionality provided free to all customers because security shouldn’t require additional costs.
- Comprehensive Data Encryption: All data is encrypted both in transit and at rest using industry-standard encryption protocols.
- Logical Data Separation: Multi-tenant cloud hosting with logical data separation hosted in us-west-2 on Amazon Web Services.
- AWS GovCloud Hosting: Available for customers requiring enhanced security standards. Requires an enterprise contract; schedule a consultation for details.
- Multi-Layer API Security: Every API request processes through Cloudflare Workers and Web Application Firewall (WAF) protection.
- Sanctions Compliance: Access blocked from countries under US trade sanctions to ensure regulatory compliance.
- Anonymous Network Blocking: Requests from Tor browsers are automatically blocked for enhanced security.
- Edge Rate Limiting: Advanced rate limiting at network edge handles traffic spikes and prevents abuse.
- Enterprise Insurance Options: Custom insurance coverage available for enterprises with specific liability requirements.
Tallyfy’s compliance automation software enables organizations to meet regulatory requirements efficiently through standardized processes, automated compliance tracking, and comprehensive audit trails that demonstrate adherence to industry standards.
Terms Legals > Tallyfy's privacy policy
Tallyfy’s privacy policy and security documentation can be accessed through dedicated web pages that outline data collection practices, protection measures, and compliance standards.
Tallyfy earns customer trust through nearly a decade of continuous service since 2015, operating as an independent, profitable company without venture capital backing, maintaining enterprise-grade SOC 2 Type 2 security compliance, and focusing on sustainable long-term customer value rather than investor returns or market hype.
Compliance > How Tallyfy uses HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) is a web security protocol that Tallyfy implements to force browsers to use only encrypted HTTPS connections, preventing cyber attacks like SSL stripping and man-in-the-middle exploits while protecting user data through mandatory encryption and preload list inclusion across all platform endpoints.
- 2025 Tallyfy, Inc.