Security Policy

Last updated: May 2026 · Effective immediately

1. Our Commitment to Security

At Talkivist, the security of your personal data and payment information is a top priority. We implement comprehensive technical and organizational security measures to protect your data against unauthorized access, disclosure, alteration, and destruction.

This Security Policy describes the measures we take to safeguard your information and outlines your responsibilities as a user to help maintain the security of your account.

2. Data Encryption

We use industry-standard encryption to protect your data:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Passwords are hashed using bcrypt with a minimum of 12 salt rounds — we never store plain-text passwords
  • Sensitive data at rest is encrypted using AES-256 encryption
  • Database connections are encrypted and access is restricted to authorized services only
  • API keys and secrets are stored in encrypted environment variables, never in source code

3. Payment Security

Talkivist takes payment security extremely seriously. All financial transactions are handled in compliance with the Payment Card Industry Data Security Standard (PCI-DSS):

  • All payment processing is handled by PCI-DSS Level 1 certified third-party processors (e.g., Stripe)
  • Talkivist never stores, processes, or transmits full credit card numbers, CVV codes, or full magnetic stripe data on its own servers
  • Payment forms are hosted directly by our payment processor using tokenization technology
  • Only the last 4 digits of a card number and card type are stored for display purposes
  • All payment transactions are logged and monitored for suspicious activity
  • Fraud detection systems are in place to identify and block unauthorized transactions

4. Infrastructure Security

Our platform infrastructure is designed with security at every layer:

  • Hosted on enterprise-grade cloud infrastructure with physical security controls
  • Firewalls and network segmentation to isolate sensitive systems
  • Regular automated security patching and vulnerability scanning
  • Intrusion detection and prevention systems (IDS/IPS) monitoring network traffic
  • DDoS protection to maintain service availability
  • Regular automated backups with encrypted off-site storage
  • Disaster recovery procedures tested regularly to ensure data integrity

5. Access Controls

We enforce strict access controls to protect your data:

  • Role-based access control (RBAC) — employees can only access data necessary for their role
  • Multi-factor authentication (MFA) required for all internal administrative access
  • All access to production systems is logged and audited
  • Access rights are reviewed regularly and revoked immediately upon employee departure
  • Third-party vendor access is limited, monitored, and governed by data processing agreements

6. Application Security

Our development practices incorporate security at every stage:

  • Secure Software Development Lifecycle (SSDLC) practices followed by our engineering team
  • Code reviews with security considerations as part of every deployment
  • Protection against common web vulnerabilities: SQL injection, XSS, CSRF, and others per OWASP Top 10
  • Rate limiting and brute-force protection on authentication endpoints
  • Session tokens are cryptographically secure, time-limited, and invalidated on logout
  • Input validation and output encoding applied throughout the application

7. Data Breach Response

In the event of a confirmed data breach, Talkivist will:

  • Contain and investigate the breach immediately upon discovery
  • Notify affected users within 72 hours of becoming aware of the breach, as required by GDPR
  • Report the breach to relevant data protection authorities where required by law
  • Provide clear information about what data was affected and what steps users should take
  • Implement corrective measures to prevent recurrence
  • Maintain a breach log for regulatory compliance purposes

8. Your Account Security Responsibilities

Security is a shared responsibility. To protect your account, we recommend:

  • Use a strong, unique password for your Talkivist account (minimum 12 characters, mix of letters, numbers, symbols)
  • Never share your password with anyone, including Talkivist support staff (we will never ask for it)
  • Log out of your account when using shared or public devices
  • Keep your registered email address secure and up to date
  • Be cautious of phishing emails — Talkivist will only contact you from @talkivist.me addresses
  • Report any suspicious activity on your account immediately to info@talkivist.me

9. Third-Party Security

We carefully vet all third-party service providers for security compliance before integration. All third parties with access to user data are required to sign Data Processing Agreements (DPAs) and maintain security standards at least equivalent to our own. We regularly review third-party security certifications and compliance status.

10. Security Audits and Testing

We conduct regular security assessments including vulnerability scanning, penetration testing, and code audits. Critical security findings are addressed with priority. Our security posture is continuously reviewed and improved as threats evolve and our platform grows.

11. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue in our platform, please report it to us privately before public disclosure:

Security Email: info@talkivist.me

Please include a detailed description of the vulnerability, steps to reproduce, and potential impact. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly.

12. Contact Us

For security concerns or questions about this policy, please contact us:

Security: info@talkivist.me

General: info@talkivist.me

Address: 13 Jul Br. 3, Podgorica, Montenegro

Phone: +382 068 538840