Security First
At Tumquan, security isn't an afterthought—it's foundational to everything we build. Our platform is designed with defense-in-depth principles, ensuring your data and computations are protected at every layer.
We undergo regular third-party security audits, maintain comprehensive compliance certifications, and follow industry best practices for secure software development.
Certifications & Standards
SOC 2 Type II
Independently audited for security, availability, processing integrity, confidentiality, and privacy.
ISO 27001
Certified information security management system covering all aspects of our operations.
GDPR Compliant
Full compliance with EU data protection regulations, including data subject rights and breach notification.
HIPAA Ready
Business associate agreements and controls in place for healthcare customers handling PHI.
FedRAMP (In Progress)
Working toward FedRAMP authorization for US government customers.
PCI DSS
Payment card industry compliance for customers processing financial transactions.
Security Practices
- Encryption: AES-256 at rest and TLS 1.3 in transit for all data
- Access Control: Role-based access with MFA, SSO integration, and audit logging
- Network Security: Private networks, firewalls, DDoS protection, and intrusion detection
- Vulnerability Management: Continuous scanning, penetration testing, and responsible disclosure program
- Incident Response: 24/7 security monitoring with documented incident response procedures
- Business Continuity: Disaster recovery, data backups, and high availability architecture
Data Residency
We offer data residency options to meet your regulatory requirements. Choose to keep your data in the United States, European Union, or other supported regions. Your data never leaves your selected region without explicit consent.
Security Resources
Need security documentation for your procurement process? We're happy to provide security questionnaires, penetration test summaries, and compliance certificates.