Security & Trust

Your data security is our top priority

Our Commitment to Security

At Tajo, we implement industry-leading security measures to protect your e-commerce data, customer information, and marketing campaigns. Security is built into every layer of our platform to ensure the highest standards of privacy and compliance.

🔒 Data Encryption

All customer data, API communications, and integration payloads are encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

🛡️ GDPR Compliant

Fully compliant with GDPR, CCPA, and other international data protection regulations, ensuring your customer data is handled responsibly across all channels.

🔐 Access Control

Granular role-based access control (RBAC) and multi-factor authentication (MFA) ensure only authorized team members can access sensitive data and settings.

📊 Regular Audits

We conduct regular security audits and penetration testing by independent third parties to identify and address potential vulnerabilities.

Compliance & Certifications

Tajo is committed to meeting the highest compliance standards for data protection and security. We maintain the following certifications and compliance standards:

  • GDPR - General Data Protection Regulation compliance
  • CCPA - California Consumer Privacy Act compliance
  • SOC 2 Type II - [In Progress/Completed]
  • ISO 27001 - [In Progress/Completed]

Data Processing

Data Location

All customer data is stored in secure, geographically distributed data centers with redundancy across multiple availability zones to ensure high availability and disaster recovery.

Data Retention

We retain customer data only for as long as necessary to provide our services and fulfill legal obligations, in accordance with our data retention policy and applicable regulations.

Data Deletion

Customers can request complete data deletion at any time through their account settings or by contacting our support team. We process deletion requests within 30 days in compliance with GDPR requirements.

Security Best Practices

Infrastructure Security

  • Cloud infrastructure hosted on enterprise-grade providers
  • Automated backups with point-in-time recovery
  • DDoS protection and web application firewall
  • Network segmentation and isolation

Application Security

  • Secure coding practices and code reviews
  • Automated security scanning in CI/CD pipeline
  • Regular dependency updates and vulnerability patching
  • Input validation and output encoding

Operational Security

  • 24/7 security monitoring and incident response
  • Employee security training and awareness programs
  • Background checks for all employees with data access
  • Comprehensive logging and audit trails

Incident Response

In the unlikely event of a security incident, our dedicated security team follows a comprehensive incident response plan that includes:

  1. Immediate detection and containment
  2. Impact assessment and analysis
  3. Customer notification (as required by law)
  4. Remediation and prevention measures
  5. Post-incident review and improvement

Third-Party Security

We carefully vet all third-party service providers, including Brevo and cloud infrastructure partners, and require them to maintain security standards equivalent to our own through binding contractual obligations.

Brevo Integration Security

Our integration with Brevo follows industry best practices for API security, including:

  • Secure API key management
  • Encrypted data transmission
  • Minimal data sharing (only what's necessary)
  • Regular security reviews of integration points

Report a Security Issue

If you discover a security vulnerability, please report it responsibly to:

  • Email: [email protected]
  • We commit to acknowledging reports within 24 hours
  • We maintain a responsible disclosure policy

Questions?

For questions about our security practices, please contact:

Начните бесплатно с Brevo