Security Protocol
Last Updated: December 25, 2025
Security is not a feature at Temsee; it is the foundation of our entire architectural philosophy. We employ a multi-layered security strategy to ensure the integrity, availability, and confidentiality of your financial data.
1. Encryption Standards
We believe in the principle of "Encryption Everywhere":
- At Rest: All database volumes, backups, and storage buckets are encrypted using AES-256-GCM.
- In Transit: All data moving between your browser and our servers, and between our internal services, is encrypted via TLS 1.3 with Perfect Forward Secrecy.
- Key Management: We use Hardware Security Modules (HSMs) to manage and rotate encryption keys automatically.
2. Infrastructure Security
Our cloud infrastructure is designed for resilience and isolation:
- Network Isolation: Our services run in private subnets within a Virtual Private Cloud (VPC), protected by multiple layers of stateful firewalls.
- DDoS Protection: We employ advanced edge protection to mitigate large-scale volumetric attacks before they reach our core systems.
- Tenant Isolation: Our multi-tenant architecture uses logical and physical separation to ensure that one tenant's data cannot be accessed by another.
3. Access Control (RBAC)
We enforce the Principle of Least Privilege (PoLP) through a robust Role-Based Access Control system. Internal administrative access requires multi-factor authentication (MFA) and is logged in an immutable audit trail.
4. Compliance and Auditing
Temsee maintains a continuous audit log of all critical system activities. We perform regular internal security reviews and automated vulnerability assessments to identify and remediate potential threats proactively.
5. Responsible Disclosure
If you believe you've found a security vulnerability in our platform, please report it to our security team immediately at security@temsee.com. We appreciate your assistance in keeping our community safe.