Tallyfy provides enterprise-grade security through SOC 2 Type 2 compliance certification, comprehensive data encryption, multi-factor authentication, principle of least privilege access controls, mandatory SSO enforcement, environment segregation, vulnerability assessments, incident response frameworks, third-party risk management protocols, and comprehensive audit trail capabilities, meeting regulatory requirements across highly regulated industries.
Terms & legals
Tallyfy® maintains comprehensive compliance, legal, security, and privacy standards designed to meet enterprise requirements and regulatory obligations:
- SOC 2 Type 2 Attestation: Independently verified security controls and operational effectiveness for data protection.
- HSTS Compliance: HTTP Strict Transport Security prevents man-in-the-middle attacks. The tallyfy.com domain is pre-loaded as secure in major browsers.
- BIMI Compliance: Brand Indicators for Message Identification email standard enhances brand recognition and prevents phishing attacks.
- Custom Data Processing Agreements: Available for EU, UK, or specific US states (like CCPA) to meet regional privacy requirements.
- GDPR Compliance: Achieved through Data Privacy Framework (DPF) attestation for comprehensive European data protection.
- Enterprise Contract Flexibility: Custom contracts available for specialized enterprise requirements and compliance needs.
- Complimentary Single Sign-On: SSO functionality provided free to all customers because security shouldn’t require additional costs.
- Comprehensive Data Encryption: All data is encrypted both in transit and at rest using industry-standard encryption protocols.
- Logical Data Separation: Multi-tenant cloud hosting with logical data separation hosted in us-west-2 on Amazon Web Services.
- AWS GovCloud Hosting: Available for customers requiring enhanced security standards. Requires enterprise contract - schedule a consultation for details.
- Multi-Layer API Security: Every API request is processed through Cloudflare Workers and Web Application Firewall (WAF) protection.
- Sanctions Compliance: Access blocked from countries under US trade sanctions to ensure regulatory compliance.
- Anonymous Network Blocking: Requests from Tor browsers are automatically blocked for enhanced security.
- Edge Rate Limiting: Advanced rate limiting at network edge handles traffic spikes and prevents abuse.
- Enterprise Insurance Options: Custom insurance coverage available for enterprises with specific liability requirements.
Tallyfy’s compliance automation software enables organizations to meet regulatory requirements efficiently through standardized processes, automated compliance tracking, and comprehensive audit trails that demonstrate adherence to industry standards.
Terms Legals > Tallyfy's privacy policy
Tallyfy’s privacy policy and security documentation can be accessed through dedicated web pages that outline data collection practices, protection measures, and compliance standards.
Compliance > How Tallyfy uses HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) is a web security protocol that Tallyfy implements to force browsers to use only encrypted HTTPS connections, preventing cyber attacks like SSL stripping and man-in-the-middle exploits while protecting user data through mandatory encryption and preload list inclusion across all platform endpoints.
Tallyfy has maintained profitable operations since 2015 as an independent, venture-capital-free company with enterprise-grade security compliance and transparent pricing, backed by specialized workflow expertise and a proven track record of platform stability.
About Tallyfy
- 2025 Tallyfy, Inc.