IT and Security Documentation
"I had a great chat with Tallyfy - and love the user-first design. They are also a rare example of transparency and confidence. The legal compliance and security page (which hardly anyone would normally read) would be one of the best examples of open communication I have seen for a while - around how the service is constructed and the underpinning technologies and services used. Well worth a look if you are technically-minded, or just interested in how a modern tech. company approaches their IT. Good stuff!"
Security & Infrastructure at a Glance
- Industry-leading security posture with A+ SSL grade and modern HSTS policy. Verify our domain security.
- HTTP/3 and QUIC support for enhanced performance and security.
- Cloud-native, API-first platform with open API and robust integrations.
- SOC 2 Type 2 attested with comprehensive API logging (28-day retention).
- Data analytics integration with Power BI, Tableau, Google Data Studio via Amazon Athena.
- Enterprise-grade DDoS protection with scalable perimeter defenses.
- Technical founding team with deep workflow management expertise.
Security is our foundation, not an afterthought. See our privacy policy for details.
User Experience Excellence
We prioritize UX to ensure high adoption rates and minimize implementation risks:
- Mobile-first, responsive design that works across devices
- Multi-language support with localization options
- Free SSO integration with Active Directory, Google, Okta, OneLogin, and more
- Modern browser support: Safari 9.1.1+, Chrome 50+, Firefox 46.0.1+, IE 11+, Mobile Safari 9+
Tallyfy replaces legacy BPM software with modern capabilities:
- User-driven adoption with intuitive interfaces that people actually want to use
- Free trial access with transparent IT engagement for enterprise needs
- Secure client collaboration for extending workflows beyond your organization
- No-code integration with popular tools plus comprehensive API access
- True mobile capability rather than desktop-first afterthoughts
- Beyond flowcharts with practical, actionable processes
- Full cloud advantages including automatic updates and scaling
- AI-ready platform for automation and generative applications
BIMI Compliance
Tallyfy is Brand Indicators for Message Identification (BIMI) compliant, enhancing email security and brand trust:
- Verified logo display in supporting email clients, increasing visual legitimacy
- Enhanced anti-phishing protection through reliable sender identification
- Built on DMARC compliance for comprehensive email authentication
- Improved email deliverability and reduced likelihood of being filtered as spam
- Visual trust indicators that help recipients quickly identify legitimate Tallyfy communications
Integration-First Architecture
Our commitment to seamless data exchange:
- Guaranteed API access to your data — always
- Comprehensive REST API with OAuth 2.0 authentication
- Enterprise analytics integration via ODBC connections to major BI platforms. See Tallyfy Analytics details.
Infrastructure & Security Foundation
Tallyfy operates on a modern, API-driven architecture with industry-leading security practices:
- 100% cloud service with AWS infrastructure in us-west-2 region
- API-first design following modern development principles
- Full trade sanctions compliance with options for geolocation restrictions
- Lightweight UI with comprehensive REST API for custom integrations
- High-availability Postgres database with Multi-AZ configuration and daily backups
- End-to-end encryption for all data in transit and at rest
- Advanced request filtering to block suspicious traffic and weak cipher suites
We leverage ISO 27001 and FISMA-certified AWS infrastructure with SOC 1/2, PCI Level 1, and SOX accreditations. Enterprise-grade firewall protection is provided by Cloudflare and AWS.
Tallyfy Client - Diagram

Tallyfy REST API - Diagram
API docs: https://go.tallyfy.com/api/

Operational Excellence
- Comprehensive monitoring via AWS CloudWatch, CloudTrail and Moesif with auto-scaling resources. Check our status page.
- Enterprise support options including ticketing, phone, and live chat with flexible IT integration.
- PCI-compliant billing through Recurly and Stripe with zero local payment data storage.
- Robust deployment pipeline utilizing GitHub, automated testing, and staged releases.
- Transparent updates documented in our product changelog.
Advanced Security Measures
Tallyfy enforces modern TLS (1.2/1.3) connections, DNSSEC protection, and strict HSTS implementation, earning an A+ rating on SSL Labs.

We're among the few workflow platforms that properly validate on the HSTS preload list. Verify our HSTS status.

Our security posture isn't just about claims—it's verified, tested, and transparent. That's our commitment to your data protection.