Legal
Security at Tellr
Last updated May 1, 2026.
Tellr is an anti fraud product. Security is the product. This page covers the controls we run today and the documents we share on request.
Certifications
- SOC 2 Type II. Report available under NDA.
- Annual third party penetration test. Summary letter available.
- Annual application security review of the check pipeline.
Infrastructure
- Single tenant compute is available on the Enterprise plan.
- Data encrypted in transit with TLS 1.3 and at rest with AES 256.
- Hardware backed keys for cryptographic material.
- Region selectable storage. US default. EU available.
Application
- SSO via SAML and OIDC for the dashboard.
- Role based access control with project scoped API keys.
- HMAC signed webhooks with rotation in the dashboard.
- Audit log on every check, every rule change, every key event.
Operations
- 24/7 on call for the check API on Business and Enterprise plans.
- 99.99% uptime SLA. Status posted at status.tellr.tech.
- Quarterly disaster recovery exercise with documented RTO and RPO.
Responsible disclosure
Report security issues to security@tellr.tech. We acknowledge within 24 hours and triage within 72.
Documents on request
SOC 2 Type II report, pen test summary, vendor security questionnaire plus our standard DPA. Email security@tellr.tech for any of these.