A comprehensive overview of Tallyfy’s security framework, detailing SOC 2 Type 2 compliance, access controls, data protection, system monitoring, and vendor management practices to ensure platform reliability and data safety.
Terms & legals
Tallyfy has strong compliance, legal, security, and privacy standards:
- SOC 2 Type 2 attested.
- HSTS compliant: Important for preventing man-in-the-middle attacks. Our domain (tallyfy.com) is pre-loaded as secure in major browsers.
- BIMI compliant: An email standard for brand recognition, helping prevent phishing.
- Can sign custom DPAs for EU, UK, or specific US states (like CCPA).
- GDPR compliant: Via Data Privacy Framework (DPF) attestation.
- Can sign contracts for custom enterprise needs.
- Free SSO: We offer Single Sign On (SSO) free to all customers. Security shouldn’t cost extra.
- Data encryption: Data is encrypted in transit and at rest.
- Data separation: Data is logically separated on our multi-tenant cloud hosting (us-west-2 on Amazon Web Services).
- AWS GovCloud hosting: Available for certain customers needing higher security. Requires an enterprise contract - please schedule a consultation.
- API Security: Every API request goes through a Cloudflare Worker and a WAF (Web Application Firewall).
- Country blocking: We block countries under US trade sanctions.
- Tor blocking: Requests from Tor browsers are dropped.
- Rate limiting: Runs at the edge to handle traffic spikes.
- Custom insurance: Can offer custom insurance coverage for enterprises.
Our compliance automation software helps organizations meet regulations through standardized processes, automated tracking, and detailed audit trails.
Terms Legals > Tallyfy's privacy policy
Access Tallyfy’s privacy details and security documentation through dedicated links while protecting sensitive data through secure external storage and following country-specific restrictions.
Compliance > How Tallyfy uses HTTP Strict Transport Security (HSTS)
HSTS enforces secure HTTPS-only connections between web browsers and Tallyfy by implementing strict security rules that protect user data from potential attacks and unauthorized access.
Integrations > Authentication and SSO
Free Single Sign-On integration enables team members to access Tallyfy using their existing company credentials while providing enhanced security, automated account setup, and centralized user management through popular identity providers.
About Tallyfy
- 2025 Tallyfy, Inc.