Back
Security & privacy

Trust center

ISO 27001 Certified
SOC 2 Type II In progress
GDPR & UAE PDPL Aligned
Pen testing Periodic · third-party

Controls in place

01 Data protection
  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • PII redacted from application logs
  • Point-in-time recovery
  • Cross-region replication
  • Multi-region hosting · region pickerSoon
  • Customer-managed keys (BYOK)Soon
02 Access & identity
  • SAML 2.0 SSO & SCIM provisioning
  • MFA enforced for every user
  • Role-based, least-privilege access
  • Short-lived tokens with rotation
  • Tenant isolation · row-level security
  • Privileged access — time-bound & logged
03 Your data rights
  • Immutable audit logs, exportable
  • Full data export on demand
  • Certified deletion (destruction receipt)Soon
  • Customer-controlled retention windowsSoon
04 Operations
  • 24-hour breach notification
  • Documented incident response
  • WAF & DDoS protection
  • Background-checked personnel

Documentation

Document  
ISO 27001:2022 certificate PDF · 1.2 MB · Updated 15 Jan 2026 Request access
Data Processing Agreement (DPA) PDF · 480 KB · v3.1 Request access
Privacy Policy Live page · tarth.ai/privacy View
Penetration test - executive summary PDF · latest test Nov 2025 Request access