Confidentiality & Data Handling

Tensflare takes the confidentiality and security of your data seriously. This page provides a technical overview of how we handle, store, and protect data submitted to our products. For legal professionals subject to confidentiality obligations, this information may assist in your due diligence.

For complete terms governing data processing, refer to our Commercial Terms, Consumer Terms, and Data Processing Agreement.

Data Classification

Tensflare classifies customer data into the following categories:

• Inputs: documents, contracts, prompts, and data you submit to our products for analysis
• Outputs: analysis, extractions, reports, and other results generated by our products
• Account Data: your name, email, billing information, and account settings
• Usage Data: aggregated, non-identifying information about how you interact with our products

Encryption

Data in Transit

All data transmitted between your systems and Tensflare is encrypted using TLS 1.3. We support only strong cipher suites and regularly audit our TLS configurations.

Data at Rest

All customer data stored by Tensflare is encrypted at rest using AES-256 encryption. Encryption keys are managed separately from the data they protect, rotated regularly, and stored in a hardware security module (HSM) or equivalent key management system.

Access Controls

Tensflare implements strict access controls to protect customer data:

• Least privilege: employees and contractors are granted access only to the data and systems necessary for their role
• Authentication: multi-factor authentication is required for all production system access
• Audit logging: all access to customer data is logged and monitored for unusual activity
• Background checks: all employees with access to customer data undergo background screening
• Training: all employees receive annual security and data handling training

Customer Isolation

Commercial Customers

For commercial customers, data is isolated using the following measures:

• Logical isolation: each customer's data is stored in logically separate database partitions or schemas
• Tenant identifiers: all data records are tagged with customer tenant identifiers, enforced at the application and database layers
• No cross-tenant access: application-level controls prevent one customer from accessing another customer's data

Individual Users

For individual users, data is associated with your account and not shared between accounts.

Data Processing Locations

Tensflare primarily processes and stores data in data centres located in:

• United States (primary)
• European Union (available for EU customers)

Customer data may be temporarily processed in other locations for purposes of providing, maintaining, and improving our services, subject to appropriate safeguards under applicable law.

Data Deletion

On Account Termination

When a commercial customer terminates their agreement, we will delete all customer data within 90 days, unless retention is required by applicable law. For individual users, you may delete your account and associated data through your account settings.

On Request

You may request deletion of your data at any time by contacting privacy@tensflare.com. We will process deletion requests within 30 days, subject to legal retention requirements.

Residual Copies

Deleted data may persist in backup systems for up to 90 days, after which backups are securely overwritten. Backups are encrypted and inaccessible to operational systems.

Subprocessors

Tensflare engages third-party subprocessors to help deliver our services. A complete, up-to-date list is maintained in our Subprocessor List. Current subprocessors include:

• Cloud hosting: AWS (US), GCP (US, EU)
• Database and storage: managed database providers
• Payment processing: Stripe
• Email and communications: transactional email providers
• Monitoring and logging: application performance monitoring services

We review our subprocessors annually and update our Subprocessor List when new subprocessors are engaged.

Incident Response

In the event of a security incident affecting customer data, Tensflare will:

1. Promptly investigate and contain the incident
2. Notify affected customers within 72 hours of confirmation
3. Provide details of the incident, data affected, and remediation steps
4. Cooperate with customers and regulatory authorities as required

Report security incidents to security@tensflare.com.

Compliance

Tensflare's security program is designed to align with industry standards, including:

• SOC 2 (in progress)
• ISO 27001 (planned)
• NDPA (Nigeria Data Protection Act 2023)
• GDPR (for EU data subjects)

We conduct regular internal audits and engage external security firms for penetration testing and vulnerability assessments.

Contact

For security or data handling questions, contact us at:

• Security incidents: security@tensflare.com
• Data privacy: privacy@tensflare.com
• General inquiries: sales@tensflare.com