Security
Last updated May 1, 2026
Security is foundational. Here is a plain summary of the controls we run, the certifications we hold, and how to report a vulnerability.
1.Encryption
All traffic to tade Lyn is encrypted with TLS 1.3.
Data at rest is encrypted with AES-256 in our managed cloud provider.
Secrets are managed in a dedicated KMS with rotation.
2.Access control
Least-privilege internal access, reviewed quarterly.
Single sign-on with hardware-key second factor for all employees.
Customer accounts support email + magic link, OAuth and (on Enterprise) SAML SSO.
3.Infrastructure
Hosted on tier-1 cloud providers in multiple regions.
Production deploys go through CI with automated tests and security scans.
Continuous vulnerability scanning of dependencies and container images.
4.Certifications
SOC 2 Type II — annual audit (latest 2026).
ISO 27001 — in progress, targeted 2026.
Ghana Data Protection Commission (DPC) registered.
5.Responsible disclosure
Found a vulnerability? Email security@tadelyn.com with a description and reproduction steps.
We respond within 48 hours and credit researchers in our security hall of fame.