TRUST CENTER
Tanqory operates a layered security program across application, infrastructure, and operational areas. Specific controls listed below are live today; controls under development are marked. Where a public commitment is made, the owning team is named.
These pillars summarise Tanqory's live security controls. Each maps to the corresponding section of the Security Overview document on the Legal Center. Each pillar is owned by a named operational team; controls under development are marked.
TLS 1.2+ across all public endpoints, fronted by Cloudflare Universal SSL. Provider-managed AES-256 for managed databases and object storage. AES-256-GCM for application-layer secrets (TOTP, OAuth tokens, payment credentials). Owner: Engineering.
PS256 (RSA) JWT authentication issued by the central admin API and validated downstream by every service. Role-based access control. Multi-factor authentication via TOTP (with AES-256-GCM-encrypted secrets), SMS (Vonage), and one-time recovery codes. Session lifecycle managed with httpOnly refresh tokens and explicit invalidation. Self-hosted Infisical delivers secrets to Kubernetes via the Infisical secrets operator; production access is gated by least-privilege design. Operational status: least-privilege design in place; full enforcement audit on roadmap. Owner: Engineering. Access-review frequency: on roadmap.
Cloudflare WAF, API Shield, automatic DDoS protection, and rate limiting at the application gateway. Sentry receives application errors and performance traces across backend (NestJS), frontend (Next.js), and mobile (iOS, Android). Service status is published continuously at https://status.tanqory.com. Logs and alerting feed into on-call rotations for security-relevant events; a single queryable log store across all production services is on roadmap. Owner: Engineering on-call. Monitoring review frequency: continuous (alerting), with periodic on-call retros.
Dependency updates including security patches flow through Dependabot on a weekly Monday cadence to the development branch, with security-labelled PRs across admin-api, store-api, and other services. Administrative mutations are recorded by the activity-log and audit-timeline services in admin-api with actor, object, and timestamp. Coordinated disclosure runs under the Tanqory bug bounty policy. Quarterly review of the underlying security-controls source of truth (04-security-controls.yaml) drives this page. A published external patch SLA history is on roadmap. Owners: Security (vulnerability triage and bug bounty) + Engineering (patching). Review frequency: weekly (Dependabot) plus quarterly source-of-truth review.
Tanqory operates a documented Incident Response plan covering detection, containment, eradication, recovery, and lessons-learned. Customer notification timelines are committed in our Data Processing Agreement and follow the applicable regulatory framework — GDPR's 72-hour breach notification window for personal-data incidents, faster for incidents that materially affect availability. The full plan, including severity tiers, on-call structure, and post-incident review cadence, is published in the Incident Response document on the Legal Center. Incident response is owned by the Security lead (security@tanqory.com) together with Engineering on-call. Breach notification to customers is owned by the Security lead with Legal review.
Enterprise teams can request our completed security questionnaire, current DPA template, and a control-mapping briefing from our Trust team.
Email the Trust team