Tarosyn Information Security Policy

This policy describes Tarosyn's governance, risk management, access-control, and incident-response commitments for enterprise and partner review.

Data Classification

• Public: Blog posts, public chants, gallery cards, public profiles.
• Internal: Operational metrics, non-personal configuration.
• Confidential: User readings, personal data, birth data, messages.
• Restricted: Credentials, payment tokens, API keys, audit logs.

Access Control

Principle of least privilege applies to all systems. Production access requires multi-factor authentication and is reviewed quarterly. Employee offboarding triggers immediate revocation.

Incident Response

See our Incident Response Policy for detection, containment, and notification SLAs, including our 72-hour breach notification commitment.

Compliance

Tarosyn is committed to GDPR compliance for EU users and CCPA compliance for California users. Full details are in our Data Processing Agreement and Privacy Policy.

Trust Center · Security Policy