Security Policy | Talaera Inc.

Last Updated: May 13, 2026

1. Overview

At Talaera Inc. (“Talaera”), we take the security of customer and end-user data seriously. This overview summarizes the organizational and technical measures we use to protect data from unauthorized or inadvertent access, modification, or loss.

This document is intended as a public summary. More detailed information about our security practices is available to current and prospective customers on request, under reasonable confidentiality terms.

2. Infrastructure and Hosting

Talaera’s user-facing applications operate in Amazon Web Services (AWS) within dedicated Virtual Private Clouds (VPCs). Talaera’s primary production infrastructure that hosts customer data is located in the United States. Talaera personnel do not have physical access to the underlying hardware. Administrative network access is restricted and routed through bastion hosts.

Further information about AWS infrastructure security is available on the AWS Cloud Security pages.

3. Data Storage

Customer data is stored on AWS infrastructure and protected using AWS-managed security features and Talaera’s application-level security controls. Data is encrypted at rest using industry-standard encryption. Customer data is logically separated and the Talaera application enforces access controls so that one customer’s data cannot be accessed by another.

Production database backups are retained for a defined period to support recovery in the event of data loss.

4. Data Transmission

All data transmitted between users and the Talaera platform is encrypted in transit using current versions of Transport Layer Security (TLS).

5. Authentication and Access Control

Access to Talaera systems is governed by internal access policies and follows the principle of least privilege.

  • Personnel access: Talaera personnel with administrative access to systems handling customer data are required to authenticate using Multi-Factor Authentication (MFA).
  • Role-based access: Access to systems and data is granted based on role and is reviewed periodically.
  • Customer access: Customer access to the Talaera platform is managed by Talaera’s account team and, where applicable, by designated administrators within the customer’s organization.
  • Password storage: User passwords are stored using one-way cryptographic hashing.
  • Single sign-on: For enterprise customers, Talaera supports single sign-on (SSO) using SAML-based identity providers, where enabled under the applicable customer configuration. SSO allows customers to manage user authentication through their own identity provider.

6. Application Security

Talaera maintains a set of practices intended to identify and address security issues in its applications and infrastructure:

  • Vulnerability scanning: Production systems and container images are scanned for known software vulnerabilities. Identified vulnerabilities are tracked and addressed based on severity.
  • Threat detection: Talaera uses cloud-native threat detection services to monitor for unusual or suspicious activity in its production environment.
  • Penetration testing: Talaera engages independent third parties to perform periodic penetration testing of its production environment.
  • Patching: Operating systems, application dependencies, and supporting libraries are updated on a regular basis.

7. Personnel

Talaera personnel and contractors who access customer data are subject to written confidentiality obligations and security requirements:

  • Background checks: Background checks are performed on personnel where permitted by applicable law.
  • Security awareness: Personnel receive security awareness training and are expected to follow Talaera’s security policies and acceptable use guidelines.
  • Access on termination: Access to Talaera systems is removed promptly when an individual’s role no longer requires it or when they leave Talaera.

8. Compliance and Configuration Monitoring

Talaera uses continuous compliance and configuration monitoring to check its infrastructure and operational practices against established security control frameworks. Issues identified through this monitoring are tracked and addressed.

9. Sub-Processors

Talaera engages third-party service providers (sub-processors) to operate the Services. Each sub-processor is bound by a written agreement that imposes data protection obligations no less protective than those Talaera commits to in its Data Processing Agreement. The current list of Talaera’s sub-processors is published at https://www.talaera.com/sub-processors.

10. Incident Response

Talaera maintains internal procedures for identifying, investigating, and responding to security incidents. In the event of a confirmed security incident affecting customer Personal Data, Talaera will notify affected customers in accordance with the terms of their applicable Customer Agreement and Data Processing Agreement, and as required by applicable law.

11. Customer Responsibilities

Security is a shared responsibility. Customers and end users are responsible for:

  • Keeping account credentials, including usernames and passwords, secure and not sharing them with others.
  • Promptly notifying Talaera if a credential is suspected of being compromised.
  • Configuring access for users within the customer’s own organization in a manner consistent with the customer’s own security policies.
  • Maintaining secure devices and networks for accessing the Services.

12. Contact

Questions about this Security Overview or about Talaera’s security practices may be directed to:

Talaera Inc.
Attn: Information Security
28 Liberty Street, 6th Floor
New York, NY 10005
United States

Email: infosec@talaera.com