An overview of how Talkative protects your data and the standards we meet.
Quick answers to the questions security and procurement teams ask most.
Talkative's ISO 27001:2022 certification and how our ISMS is governed.
How our ISMS addresses the ISO 27001:2022 management clauses and all 93 Annex A controls.
The full set of ISMS documents and security policies we maintain, approve and review.
Where the platform is hosted and how responsibility is shared with AWS.
How customer data is encrypted in transit, at rest, and on company devices.
Environment separation, hardened network surface, intrusion detection and secure configuration.
Centralised logging, continuous monitoring, automated alerting and time synchronisation.
Multi-AZ deployments, daily backups, tested restores and our BC/DR programme.
How vulnerabilities are identified, prioritised and fixed, including independent annual penetration tests.
Least privilege, MFA everywhere, regular access reviews and prompt deprovisioning.
Hiring checks, policy acceptance, security training and managed devices.
Secure development policy, peer review with security checks, change management and environment separation.
Vendor inventory, risk levels, security assessments and data-protection agreements.
Inventory, ownership, classification and secure decommissioning of assets.
Our role as a data processor, UK GDPR compliance, our DPO, and how we handle data subject requests.
Where the Talkative platform runs and how hosting responsibilities are shared with AWS.
How Talkative uses AI: the models we offer, what data each feature processes, where it runs, and our zero-retention approach.
Data governance, processing records, retention, secure deletion and PII removal.
How to report a security concern and how Talkative responds to incidents.
How security researchers and customers can report a vulnerability to us.
Office access controls, visitor management, and data-centre physical security via AWS.