Security
Your data security is our top priority. Learn about how we protect your information.
Security Overview
At TODAY Type, security is built into everything we do. We employ industry-standard security measures and continuously monitor and improve our security posture to protect your data.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Authentication
Secure SSO integration with Microsoft and Google OAuth
Infrastructure
Hosted on enterprise-grade cloud infrastructure
Monitoring
24/7 security monitoring and threat detection
Data Protection
Encryption
- In Transit: All communications are encrypted using TLS 1.3 with strong cipher suites
- At Rest: Data is encrypted using AES-256
- Key Management: Encryption keys are managed using secure key management systems with regular rotation
Access Controls
- Role-Based Access: Strict role-based access controls limit data access to authorized personnel
- Principle of Least Privilege: Access is granted only as needed for specific job functions
- Multi-Factor Authentication: Required for all administrative access
- Audit Logging: All access and changes are logged for accountability
Infrastructure Security
Cloud Security
- Hosted on Microsoft Azure with enterprise security controls
- Geographically distributed data centers with redundancy
- Network segmentation and firewalls
- DDoS protection and mitigation
- Regular vulnerability scanning and patching
Application Security
- Secure Development: Security-focused software development lifecycle (SDLC)
- Code Reviews: All code changes undergo security review
- Dependency Management: Regular updates and vulnerability scanning of dependencies
- Penetration Testing: Regular third-party security assessments
- OWASP Compliance: Protection against common vulnerabilities (XSS, CSRF, SQL injection, etc.)
Authentication & Identity
Secure Sign-In Options
- OAuth 2.0 integration with Microsoft and Google
- Enterprise SSO support (SAML 2.0)
- Secure password policies with strength requirements
- Account lockout protection against brute-force attacks
- Secure session management with automatic timeout
Enterprise Features
- Custom SSO/SAML configuration
- Directory integration (Azure AD, Okta, etc.)
- Centralized user management
- Session controls and IP restrictions
Incident Response
We maintain a comprehensive incident response program:
- Detection: Continuous monitoring for security events and anomalies
- Response: Defined procedures for incident classification and response
- Communication: Timely notification to affected parties as required by law
- Recovery: Procedures for service restoration and data recovery
- Review: Post-incident analysis and improvement
Business Continuity
- Regular automated backups with geographic redundancy
- Disaster recovery procedures and testing
- High availability architecture with failover capabilities
- Service level commitments for enterprise customers
Compliance
See our Compliance page for detailed information about our data protection practices, including:
- GDPR compliance
- CCPA compliance
Report a Security Vulnerability
We appreciate the security research community's efforts to improve our security. If you discover a security vulnerability, please report it responsibly:
- Email: security@tdy.ai
- Include details about the vulnerability and steps to reproduce
- Allow reasonable time for us to address the issue before public disclosure
We commit to:
- Acknowledge receipt within 48 hours
- Provide regular updates on our investigation
- Credit researchers who report valid vulnerabilities (if desired)
Contact Us
For security-related inquiries:
- Security issues: security@tdy.ai
- Compliance documentation: compliance@tdy.ai
- General inquiries: Contact Form