Security
Security at Tidal Control
Tidal was founded by information security experts and ethical hackers with over 35 years of industry and Big 4 experience. We have designed, implemented, and audited SOC2 Type II compliant software systems.
Reporting a vulnerability? Visit our Responsible Disclosure page
Tidal Control is ISO27001 certified
A secure foundation
Cloud security
Infrastructure stands at the core of our technology operations, and as such, infrastructure security is the foundation of our overall security strategy.
- Microsoft Azure Cloud
  - Tidal Control is hosted on Microsoft Azure, which is ISO27001 and SOC2 Type II certified. For more information and audit reports, visit the Microsoft Azure Compliance offerings website.
- Infrastructure as Code
  - Our infrastructure is managed with Terraform, allowing us to automate the entire configuration process and leverage community expertise and best practices.
- Periodic Threat Modelling
  - We perform periodic threat modelling to identify and validate relevant threat actor scenarios, to determine business impact and associated risks, and to implement mitigating measures proactively.
- Third party management
  - We keep a tight grip on data flows and access rights, and regularly review our vendors' adherence to our security policies and standards.
A secure web app
Application security
Secure software is an ongoing process involving people and practices, where security is built in and software is developed with security in mind. We follow the GitOps principles to achieve just that.
- Identity Management
  - Users are authenticated with Keycloak, with SSO and MFA. We use Azure Key Vault to store cryptographic keys, secrets and authentication credentials used by our cloud app and services.
- Access Control
  - We apply the principle of least privilege to our employees. Development and Production environments are segregated, and all user activity is logged and monitored.
- Continuous Vulnerability Monitoring
  - We monitor our environment continuously for vulnerabilities and errors associated with our code and code libraries, with tools such as Dependabot and Sentry.
- Code Quality and Security
  - Our development pipeline is protected with branch policies and mandatory code reviews. We use Dependabot to manage vulnerabilities associated with the (third party) code libraries we use in our product.
Secure data processing
Data security
Data Security and Privacy are two foundational elements of building trust with our and your users, customers, and employees.
- Data Encryption
  - We encrypt data at rest and in transit with strong encryption and a market-leading cryptographic configuration. Azure Key Vault safeguards cryptographic keys, secrets and authentication credentials.
- Multi-Zone Availability
  - Tidal Control runs in multiple availability zones, with data and backups also being replicated across multiple zones within the EU. Backups are encrypted using AES 256-bit encryption.
- Personal Data
  - Personal data is managed in line with our Privacy policy and GDPR. Data Protection Agreements (DPA) are in place with third parties. We have no subprocessors. Your data remains within the EU.
- Data Hosting
  - We’re a multi-tenant application hosted on Microsoft Azure. All customers receive their own platform tenant, where data is inaccessible to other tenants.
Want to learn more? We welcome any feedback, questions, and suggestions.
Contact us at security@tidalcontrol.com