TableTalk

Security

Last updated: August 15, 2025

Our Commitment to Security

At TableTalk, we understand that your business data and Google account information are critical assets. We've implemented comprehensive security measures across our platform to protect your information from unauthorized access, data breaches, and other security threats. This page outlines our security practices and the measures we take to keep your data safe.

Data Encryption

In Transit

  • TLS 1.3 encryption for all data transmission
  • HTTPS enforced across all endpoints
  • Encrypted API communications with Google
  • Secure WebSocket connections

At Rest

  • AES-256 encryption for database storage
  • Encrypted file storage systems
  • Secure key management practices
  • Regular encryption key rotation

Access Controls

We implement strict access controls to ensure only authorized personnel can access your data:

  • Principle of Least Privilege: Team members only have access to the minimum data required for their role
  • Multi-Factor Authentication: All system access requires additional authentication beyond passwords
  • Regular Access Reviews: Quarterly audits ensure access permissions remain appropriate
  • Session Management: Automatic session expiration and secure session handling

Infrastructure Security

Cloud Security

  • SOC 2 Type II compliant cloud providers
  • Isolated network environments
  • DDoS protection and rate limiting
  • Intrusion detection systems
  • 24/7 infrastructure monitoring

Application Security

  • Secure coding practices and reviews
  • Input validation and sanitization
  • SQL injection prevention
  • Cross-site scripting (XSS) protection
  • Regular dependency updates

Audit Logging

We maintain comprehensive audit logs to track and monitor system activity:

What We Log

  • User authentication attempts
  • API access and usage patterns
  • Data access and modifications
  • System configuration changes
  • Security events and anomalies

Log Protection

  • Tamper-proof log storage
  • Encrypted log transmission
  • Automated log analysis
  • Long-term retention policies
  • Regular log integrity checks

Data Backup and Recovery

Backup Strategy

  • Automated daily backups
  • Multiple geographic locations
  • Point-in-time recovery capability
  • Regular backup integrity testing
  • 30-day backup retention
  • Encrypted backup storage
  • Rapid recovery procedures
  • Business continuity planning

Vulnerability Management

We proactively identify and address security vulnerabilities:

  • Regular Security Scans: Automated vulnerability scanning of our systems
  • Penetration Testing: Annual third-party security assessments
  • Rapid Patching: Critical security updates applied within 24 hours
  • Threat Intelligence: Continuous monitoring of emerging security threats

Incident Response

In the unlikely event of a security incident, we have a comprehensive response plan:

Our Response Process

  1. Detection & Analysis: 24/7 monitoring systems alert our security team
  2. Containment: Immediate steps to limit the scope and impact
  3. Investigation: Thorough analysis to understand the incident
  4. Customer Notification: Transparent communication about any data impact
  5. Resolution: Complete remediation and system restoration
  6. Post-Incident Review: Lessons learned and security improvements

Communication: Affected customers will be notified within 72 hours of discovering any incident that may impact their data.

Compliance and Certifications

Standards We Follow

  • Google API Services User Data Policy
  • OAuth 2.0 security best practices
  • OWASP security guidelines
  • SOC 2 compliance framework
  • GDPR privacy requirements

Regular Audits

  • Annual security assessments
  • Quarterly compliance reviews
  • Monthly security training
  • Continuous monitoring programs
  • Third-party security validations

Your Role in Security

While we implement strong security measures, you also play an important role in keeping your account secure:

Security Best Practices

  • Keep your Google account credentials secure
  • Enable two-factor authentication on your Google account
  • Regularly review connected applications in your Google account
  • Report any suspicious activity immediately
  • Keep your devices and browsers updated
  • Don't share your account access with unauthorized users
  • Log out of shared or public devices

Security Questions or Concerns?

We take security seriously and welcome any questions or concerns about our security practices.

Contact Our Security Team

Email: tabletalk-support@googlegroups.com

Subject: Use "Security Question" for fastest response

Response time: Security-related inquiries receive priority handling within 24 hours

Security Vulnerability Reporting: If you discover a potential security vulnerability, please report it to us immediately. We appreciate responsible disclosure and will acknowledge your contribution to keeping TableTalk secure.