Best practices for protecting sensitive information
When your workflows handle private or confidential info (such as Social Security numbers, credit card details, or health records), it’s important to protect that data.
Recommendations for handling sensitive data
The best approach is usually:
Store sensitive data securely outside Tallyfy: Keep confidential info in a dedicated secure system (such as a secure database, encrypted storage, or a specialized system like HR or finance software) with strong access controls.
Limit access: Ensure only authorized users access the secure system where the data is stored.
Don’t put sensitive data directly in Tallyfy: Avoid typing or pasting sensitive details directly into Tallyfy task names, descriptions, or standard form fields.
Link securely: Instead of putting data in Tallyfy, put a secure link in the Tallyfy task description pointing to the data’s secure location.
How to link to sensitive data from Tallyfy
Ensure sensitive info is stored securely in your other system.
Get a secure link (URL) allowing authorized users access to that specific data.
In the task description, add text explaining the data and insert the secure link (URL) where users can view it (e.g., “Click here to view the secure customer record”).
Save the task description.
This method lets your Tallyfy workflow reference needed info without storing sensitive data in Tallyfy.
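A check you could run on text before it is pasted into a task description, flagging the kinds of values the recommendations above say to keep out. This is an added example, not Tallyfy code or a Tallyfy feature; the function names, the patterns, and the sample strings (including the example URL) are constructed for illustration and cover only US SSNs and payment card numbers.

```python
import re

# US SSN written as AAA-GG-SSSS; never-issued ranges (000, 666, 9xx,
# group 00, serial 0000) are excluded to cut false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card number: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits):
    """Luhn checksum: separates real card numbers from order or ticket ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four characters so findings are safe to log."""
    return "*" * (len(value) - 4) + value[-4:]


def find_sensitive(text):
    """Return (kind, masked_value) pairs for each SSN or card number found."""
    findings = [("ssn", mask(m.group())) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append(("card", mask(digits)))
    return findings


if __name__ == "__main__":
    # Constructed sample descriptions (not real data).
    samples = [
        "Customer SSN is 123-45-6789, please verify.",
        "Charge card 4111 1111 1111 1111 today.",
        "Order 1234567890123456 shipped.",
        "View the secure customer record: "
        "https://records.example.internal/customers/48213",
    ]
    for s in samples:
        hits = find_sensitive(s)
        print("BLOCK" if hits else "OK   ", hits, "|", s[:40])
```

A description that only links to the secure record passes; one that embeds the value itself is flagged with the value masked.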
The privacy policy and IT documentation can be accessed through dedicated links on Tallyfy’s website, which detail security measures, compliance standards, and data protection practices.
Tallyfy maintains robust security practices, including SOC 2 Type 2 compliance, access controls, data encryption, system monitoring, incident response plans, and vendor management protocols, to protect customer data and ensure platform reliability.
Tallyfy stores uploaded files securely on Amazon S3, with storage limits based on subscription plans, while recommending users leverage external file-sharing platforms like Dropbox or Google Drive through links to optimize storage usage.
HSTS is a security protocol that forces web browsers to only use encrypted HTTPS connections with websites while preventing attacks like SSL stripping, cookie theft, and protocol downgrade attempts.