Your data is protected
talari.ai is built for professionals who handle sensitive information. Every layer of the platform is designed to keep your data — and your clients’ data — private, encrypted, and accessible only to you.
1. Encrypted in transit and at rest
All communication between your browser and our servers is encrypted using TLS. Passwords are never stored in plain text — only a one-way cryptographic hash. Sensitive records are encrypted at rest in our database. Your data cannot be read even if someone gains unauthorised access to the underlying storage.
2. Strong authentication
Every account is protected by a secure password policy. All users can enable two-factor authentication (2FA) using an authenticator app, email verification, or backup codes. Platform administrators are required to use 2FA. Sessions expire automatically after inactivity, and you can sign out from all your devices at any time.
3. Your organisation’s data stays yours
talari.ai is a multi-tenant platform built with strict data isolation. Your organisation’s data is completely separated from every other organisation on the platform — at the database level, not just the application level. Your colleagues cannot see data belonging to other organisations, and other organisations cannot see yours. Individual professionals can further mark their own documents as private, making them inaccessible even to their organisation’s administrator.
4. Granular access control
Access to features and data is governed by a role-based permission system. Each user is assigned a role (administrator, editor, user, or viewer) with precisely defined permissions. Administrators can create and remove users and adjust their roles at any time. All permission changes are recorded in an audit trail.
5. Full audit trail
Every significant action — logins, failed login attempts, document access, permission changes, and session events — is recorded in a tamper-evident audit log. Audit records are retained for up to 12 months, giving you and your compliance team a complete history of who accessed what and when.
6. Personal data handling
When documents containing personal information are processed by the platform, sensitive identifiers — names, addresses, ID numbers, contact details — are detected and anonymised before any processing occurs. Original identifying information is stored only in your encrypted, tenant-isolated database records and is never included in processing pipelines in plain form.
7. Secure infrastructure
The platform runs on servers located in the European Union, covered by EU data protection law. The operating system and all server software receive automatic security patches. Access to the server infrastructure is restricted to key-based SSH authentication only — password logins are disabled. A network firewall blocks all ports except those required for the service. Automated daily backups are transferred to a separate off-site location and retained for 30 days.
8. Designed for regulated professions
talari.ai is designed with healthcare, legal, and professional service workflows in mind. Patient records, clinical session notes, and legal case documents are handled under the assumption that the strictest privacy obligations apply. The platform’s data isolation, audit logging, and encryption architecture supports compliance with GDPR, and is built with HIPAA and professional privilege requirements in mind. We do not sell, share, or use your data or your clients’ data for any purpose other than operating the service you have subscribed to.
Responsible disclosure
If you believe you have found a security vulnerability in talari.ai, please contact us at security@talari.ai. We investigate all reports and respond within 48 hours.
Last reviewed: March 2026