How can we help? 👋

Security FAQ

Quick answers to the questions security and procurement teams ask most.

Quick answers to the questions we hear most from security and procurement teams. Each topic has a full article. Follow the links for detail.

Is Talkative ISO 27001 certified?

Yes. Talkative maintains an Information Security Management System certified to ISO/IEC 27001:2022. See ISO/IEC 27001:2022 Certification.

Where is the platform hosted?

On Amazon Web Services (AWS), across four regions: UK, Germany, Australia and the United States. Your data is hosted in the region your deployment uses, and AWS provides data-centre physical and environmental security under its own ISO 27001:2022 certification. See Data Hosting & Residency.

Is customer data encrypted?

Yes, in transit (TLS, HTTP automatically redirected to HTTPS) and at rest in our databases and object storage. Company devices are encrypted too. See Encryption.

Do you carry out penetration testing?

Yes, independent third-party penetration tests are performed at least annually, with findings tracked to remediation. See Vulnerability Management & Penetration Testing.

How is access to systems controlled?

Least privilege, multi-factor authentication across core systems, regular access reviews, and prompt deprovisioning when people leave. See Access Control.

Are employees background-checked?

Personnel and contractors with privileged or administrative access to production systems are subject to background verification, including criminal-history checks where lawful. See People & Security Culture.

Are you GDPR compliant? Do you have a DPO?

We comply with the UK GDPR and Data Protection Act 2018, act as a data processor for customer data, and have appointed a Data Protection Officer. See Privacy & GDPR.

How long do you retain customer data?

By default, customer data is retained for 60 days after contract termination; customers retain ultimate control of their data. See Data Management & Privacy.

Do you use AI, and how is my data handled?

Yes. Our AI features are optional and use established third-party LLMs that you select. We do not train models on your data, and most AI processing is zero-retention. See AI data compliance.

How do I report a security issue or vulnerability?

Email incidents@gettalkative.com or call 01633 302069. See Incident Response and Responsible Disclosure.

Can I get your policies, SoA, or pen-test report?

Yes, these are available under NDA. See Request Documentation Under NDA.

Where can I check live service status?

Did this answer your question?
😞
😐
🤩