Trust center

General
,
1

Trust center

banner-risk-analysis
banner-risk-analysis348×356 38.3 KB

Our security principles

Privacy first

We minimize data collection and never use it for anything beyond the agreed scope. For the cheapest plans we use Posthog to analyze user behaviour.

Transparency matters

We’re open about our architecture, practices, and incidents.

Customer control

You decide what data we process, store, and delete. We do not hold you hostage, you can export all your data anytime and walk away.

Infrastructure & Hosting

  • Hosted on Azure in ISO 27001-certified data centers. We use Kubernetes to achieve Azure level SLA’s also for Tazilla.

  • Servers are in the EU, with regular security patching and hardened configurations.

  • Network access restricted through firewalls and private VPCs.

  • Automated daily backups and encrypted storage.

Data Protection & Privacy

  • All data in transit is encrypted using TLS 1.2+.

  • All data at rest is encrypted with AES-256.

  • Access to customer data is strictly limited to a team of three employees and logged.

  • GDPR compliant: Data can be exported or deleted anytime.

  • We never sell or share customer data — period.

Application Security

  • Regular internal security reviews and dependency scanning. Here is our last pentest report.

  • Role-based access control (RBAC) for users and admins.

  • Secure password storage using modern hashing algorithms.

  • 2fa authentication available for all users.

  • CSRF, XSS, and SQL injection prevention taken care of.

Phishing Simulation Safety

  • All phishing tests are conducted under explicit customer consent.

  • Emails are sent only to authorized user lists provided by the customer.

  • Simulation domains are isolated from production infrastructure.

  • Clear opt-out and reporting mechanisms for recipients.

  • We proactively monitor for abuse or misreporting (e.g., spamhaus listings).

Organization security

  • We are preparing for ISO 27001 certification.

  • All our employees are long-term members of the team, and we trust them across all areas of our work.

  • We hold a wide range of internationally recognized certifications in IT management, IT architecture, project management, information and cybersecurity, personal data protection, and other specialized domains.

  • We also hold certifications as Cybersecurity Auditors and Cybersecurity Managers, issued by the Competence and Certification Center for Cybersecurity established by the National Security Authority.

  • We continuously educate and test ourselves to stay proactive in the cybersecurity field.