TallyBoxHQ is built with security at its core. Your financial data is protected with industry-leading encryption and strict access controls.
We have read-only access to your financial information. We can never move, transfer, or access your money unless you explicitly authorise it.
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 encryption. Your credentials are managed securely using managed services in collaboration with cloud providers.
TallyBoxHQ will never sell your data. We collect only what's needed to provide you with financial clarity.
TallyBoxHQ runs on enterprise-grade cloud infrastructure designed for security and reliability.
Powered by managed authentication services with secure token management, password hashing, and support for multi-factor authentication.
Managed database services with encryption at rest, network isolation, and automated backups to prevent data loss.
All API communications use HTTPS with TLS 1.2+. Sensitive configuration is stored in a managed secrets manager with encryption.
Transactional emails are sent via managed email services with SPF, DKIM, and DMARC configured to prevent spoofing and phishing.
Regular Security Reviews: We conduct periodic security assessments and code reviews to identify and address potential vulnerabilities.
Least Privilege Access: Internal access to systems and data is restricted to only what is necessary, following the principle of least privilege.
Secure Development: Our development process includes code review, automated testing, and dependency vulnerability scanning.
Incident Response: We maintain an incident response plan to quickly address any security events and notify affected users.
Found a security vulnerability? Please report it responsibly to support.tallyboxhq@3shtech.com.