Security at TACTIC

Your venture data is sensitive. We take security seriously and implement industry best practices to protect your information.

Our Security Practices

Data Encryption

  • • TLS 1.3 encryption for all data in transit
  • • AES-256 encryption for data at rest
  • • Encrypted database connections
  • • Secure key management practices

Infrastructure Security

  • • Hosted on a SOC 2 Type II compliant platform
  • • Database on a SOC 2 compliant provider
  • • Automatic security updates
  • • DDoS protection and mitigation

Authentication & Access

  • • Secure password hashing (bcrypt)
  • • Session-based authentication
  • • Role-based access control
  • • Secure password reset flows

Data Protection

  • • Regular automated backups
  • • Point-in-time recovery capability
  • • Data isolation between users
  • • GDPR-compliant data handling

AI Processing Security

TACTIC uses AI models for venture assessments. Here's how we protect your data during AI processing:

  • No training on your data: Your venture submissions are not used to train AI models
  • Secure API communication: All API calls use encrypted HTTPS connections
  • Enterprise-grade provider: Our AI provider maintains SOC 2 Type II certification
  • Data retention limits: Processed data is not retained by our AI provider beyond API response

Payment Security

All payments are processed securely through a PCI DSS Level 1 certified payment processor:

  • • We never store your full credit card number on our servers
  • • All payment data is handled directly by our payment provider's secure infrastructure
  • • Industry-leading payment processing trusted by millions of businesses
  • • 3D Secure authentication for additional fraud protection

Responsible Disclosure

Help us keep TACTIC secure

We appreciate the work of security researchers who help identify vulnerabilities. If you discover a security issue, please report it responsibly:

  • • Email us at security@dtactic.com
  • • Provide detailed steps to reproduce the vulnerability
  • • Allow us reasonable time to address the issue before disclosure
  • • Do not access or modify data belonging to other users

We commit to acknowledging reports within 48 hours and providing updates on remediation progress.

Questions About Security?

Our team is happy to answer any questions about our security practices.

Contact Security Team
← Back to Home