IT and Security Documentation

" I had a great chat with Tallyfy - and love the user-first design. They are also a rare example of transparency and confidence. The legal compliance and security page (which hardly anyone would normally read) would be one of the best examples of open communication I have seen for a while - around how the service is constructed and the underpinning technologies and services used. Well worth a look if you are technically-minded, or just interested in how a modern tech. company approaches their IT. Good stuff! "
Vodafone New Zealand
- Garry Johnston

This page is provided for general information only. It does not form part of any contract and does not create any representation, warranty, or commitment.

Security & Infrastructure at a Glance

  • Strong transport security with modern TLS and an HSTS policy. Verify our domain security.
  • HTTP/3 and QUIC support for enhanced performance and security.
  • Cloud-native, API-first platform with open API and robust integrations.
  • SOC 2 Type II attested with comprehensive API logging (28-day retention).
  • EU-U.S. Data Privacy Framework certified with U.S. Department of Commerce, plus UK Extension and Swiss-U.S. DPF. See our DPA page for details.
  • Data analytics integration with PowerBI, Tableau, Google Data Studio via Amazon Athena.
  • DDoS protection at the network edge.
  • Technical founding team with deep workflow management expertise.

Security is our foundation, not an afterthought. See our privacy policy for details.

User Experience Excellence

We prioritize UX to ensure high adoption rates and minimize implementation risks:

  • Mobile-first, responsive design that works across devices
  • Multi-language support with localization options
  • Free SSO integration with Active Directory, Google, Okta, OneLogin, and more
  • Modern browser support: Safari 9.1.1+, Chrome 50+, Firefox 46.0.1+, IE 11+, Mobile Safari 9+

Tallyfy replaces legacy BPM software with modern capabilities:

  • User-driven adoption with intuitive interfaces that people actually want to use
  • Free trial access with transparent IT engagement for enterprise needs
  • Secure client collaboration for extending workflows beyond your organization
  • No-code integration with popular tools plus comprehensive API access
  • True mobile capability rather than desktop-first afterthoughts
  • Beyond flowcharts with practical, actionable processes
  • Full cloud advantages including automatic updates and scaling
  • AI-ready platform for automation and generative applications

BIMI Compliance

Tallyfy is Brand Indicators for Message Identification (BIMI) compliant, enhancing email security and brand trust:

  • Verified logo display in supporting email clients, increasing visual legitimacy
  • Enhanced anti-phishing protection through reliable sender identification
  • Built on DMARC compliance for comprehensive email authentication
  • Improved email deliverability and reduced likelihood of being filtered as spam
  • Visual trust indicators that help recipients quickly identify legitimate Tallyfy communications

Integration-First Architecture

Our commitment to seamless data exchange:

  • API access to export your data
  • Comprehensive REST API with OAuth 2.0 authentication
  • Enterprise analytics integration via ODBC connections to major BI platforms. See Tallyfy Analytics details

Infrastructure & Security Foundation

Tallyfy operates on a modern, API-driven architecture with the following security practices:

  • 100% cloud service with AWS infrastructure in us-west-2 region
  • API-first design following modern development principles
  • Full trade sanctions compliance with options for geolocation restrictions
  • Lightweight UI with comprehensive REST API for custom integrations
  • High-availability Postgres database with Multi-AZ configuration and daily backups
  • Encryption of data in transit (TLS 1.2/1.3) and at rest
  • Advanced request filtering to block suspicious traffic and weak cipher suites

Our infrastructure runs on Amazon Web Services. AWS data centers maintain their own independent certifications, including ISO 27001 and SOC 1/2. Firewall and network protection is provided through Cloudflare and AWS.

Tallyfy Client - Diagram

Tallyfy Client - Diagram

Tallyfy REST API - Diagram

API docs: https://go.tallyfy.com/api/

Tallyfy REST API - Diagram

Operational Excellence

  • Comprehensive monitoring via AWS Cloudwatch, Cloudtrail and Moesif with auto-scaling resources. Check our status page.
  • Enterprise support options including ticketing, phone, and live chat with flexible IT integration.
  • PCI-compliant billing through Recurly and Stripe with zero local payment data storage.
  • Robust deployment pipeline using GitHub, automated testing, and staged releases.
  • Transparent updates documented in our product changelog.

Advanced Security Measures

Tallyfy enforces modern TLS (1.2/1.3) connections, DNSSEC protection, and strict HSTS implementation, earning an A+ rating on SSL Labs.

Tallyfy SSL report

Tallyfy.com is on the HSTS preload list. Verify our HSTS status.

HSTS test

Our security posture isn't just about claims-it's verified, tested, and transparent. That's our commitment to your data protection.

Follow Tallyfy