Certifications
TalkValue holds three independent ISO certifications, all issued on 2023-12-11:| Standard | Scope |
|---|---|
| ISO 9001 | Quality Management Systems |
| ISO 27001 | Information Security Management |
| ISO 37301 | Compliance Management Systems |
Encryption
Data is encrypted everywhere it lives and everywhere it moves:- In transit. All traffic to
app.trytalkvalue.com, the TalkValue API, and the public docs atdocs.trytalkvalue.comis served over TLS 1.2 or higher. HTTP traffic redirects to HTTPS at the edge. Internal service-to-service traffic in our infrastructure is encrypted as well. - At rest. Application databases, file storage, and backups are encrypted at rest using industry-standard AES-256 (or equivalent) symmetric encryption. Encryption keys are managed by the cloud provider’s key-management service and rotated on the provider’s schedule.
Access controls
Access to your workspace data is enforced at three layers:- In-product role-based access. Every member of a workspace holds either the Admin or Member role. The role gates whether a person can manage billing, integrations, and other members. See Roles and permissions for the full capability matrix.
- Authentication. TalkValue supports magic link email and Google sign-in. Both use industry-standard identity protocols. There is no shared-secret password to leak. See Login methods.
- Internal access. TalkValue staff access to production systems is restricted to a small on-call team, gated by role-based access in our identity provider, and logged. Access to customer data is granted only on documented support need, with the customer’s consent where the request originates from the customer.
Subprocessors
TalkValue uses a small set of subprocessors. Each holds its own certifications appropriate to its function:- Cloud hosting and database. Production infrastructure and storage.
- Identity provider. Sign-in flows and session tokens for magic link and Google.
- Payment processor. Card data, billing, and invoicing. TalkValue holds only the payment-method reference, never raw card numbers.
- AI provider. Powers the in-app AI assistant. Workspace data is processed under terms that prohibit training on customer content.
- Email delivery. Magic-link codes, invitations, billing receipts.
- Customer support tooling. Routes incoming support conversations.
- Product analytics. Usage signals used to improve TalkValue, no workspace content.
Customer data ownership
Workspace data (events, people, channels, badges, templates, Spark digests, tags) belongs to your workspace. TalkValue is the data processor, not the data owner. You can export it any time (see Export your data).Responsible disclosure
Report security issues directly to security@trytalkvalue.com. Include a description of the issue and its impact, reproduction steps, and your suggested severity. We acknowledge reports within 2 business days and follow up with remediation timing once reproduced. Researchers are credited by name on request once the issue is resolved. When investigating, don’t run automated scanners againstapp.trytalkvalue.com without coordinating first, access customer data beyond the minimum needed to demonstrate the issue, or disclose publicly until we’ve confirmed a fix.
Status and incidents
For live operational status, see status.trytalkvalue.com. Post-incident summaries are posted there once resolved.Related
- Export your data. Pull a workspace copy any time.
- Roles and permissions. In-product access control.
- Login methods. How authentication works for end users.
- Delete your account. End-of-life for account-level identity data.