Security, privacy, and compliance — documented

Tanqory's external certification roadmap across SOC 2, ISO 27001, ISO 27701, ISO 42001, and PCI-DSS scope.

The canonical list of third parties that process customer personal data on Tanqory's behalf, with purpose, location, and transfer mechanism.

The regional deployment footprint across DigitalOcean, Google Cloud, and Amazon Web Services, designed for four business regions.

Overview of Tanqory's security controls, vulnerability program, incident response posture, and coordinated disclosure policy.

Privacy program hub: privacy policy, DSAR contact, cookie policy, and international transfer mechanisms.

Tanqory's technical stack: NestJS backend, Next.js 16 + React 19 web, native iOS/Android, and an infrastructure footprint designed for multi-cloud, multi-region deployment.

AI providers in use, default training opt-outs, on-device vs cloud deployment, and EU AI Act / ISO 42001 design posture (Tanqory is not certified against ISO/IEC 42001).

Researcher-facing summary of the Tanqory bug bounty: scope, reward tiers, how to submit, safe harbor, and responsible disclosure.

Machine-readable security contact and disclosure policy per RFC 9116.

Live operational status and incident history for the Tanqory platform, hosted on Atlassian Statuspage.