SEC.OPSTrust & security

Built for the
enterprise floor.

TariffOS handles trade data that moves billions of dollars per year. Our security program is reviewed by the largest CFO and CISO desks in global commerce.

CTRLControls

Compliance

SOC 2 Type II audit underway · ISO 27001 alignment · GDPR · CCPA · CSA STAR self-assessment.

Encryption

TLS 1.3 in transit · AES-256 at rest · FIPS 140-2 KMS · per-tenant key envelopes for trade data.

Network

Multi-region active-active · private VPC peering · mTLS for partner integrations · DDoS protection.

Reliability

99.99% SLA · automated failover · point-in-time recovery · daily encrypted backups for 35 days.

Data residency

EU and US data residency available · subprocessor list maintained and notified before changes.

Monitoring

24/7 SOC · centralized logging · IDS/IPS · anomaly detection on API traffic · SIEM-driven alerting.

VULNVulnerability disclosure

We welcome reports from the security community. Disclose suspected vulnerabilities to security@tariffos.com. We acknowledge within 1 business day and triage within 5. Good-faith research is covered by safe-harbor.

DOCSecurity packet

SOC 2 report, pen-test summary, and DPA on request.

Request security packet →

Built for theenterprise floor.