Data Security Policy

Calliyo treats customer data as a top priority. This policy summarises the controls we have in place.

Encryption

All traffic between the app, web client and our servers is encrypted in transit using TLS. Sensitive data is encrypted at rest.

Access controls

Production systems are accessible only to authorised engineers using strong authentication. Customer data access is logged and audited.

Backups

We run automated daily backups with offsite copies. Restoration is tested periodically.

Incident response

If a security incident occurs that affects your data, we will notify affected customers without undue delay, share what we know, and provide remediation guidance.

Reporting a vulnerability

Please email security@calliyo.com with technical details. We appreciate responsible disclosure.