Security and Privacy at Tevalon

At Tevalon, we understand that the trust of our users is paramount. This trust is built on a foundation of robust data security measures and privacy protection.

We are deeply committed to safeguarding your information and ensuring its confidentiality, integrity, and availability in accordance with industry good practice. This is reflected in our commitment to data security and privacy, described below.

Our Commitment to Data Security

We implement a multi-layered security strategy, adhering to industry best practices and leveraging leading-edge technologies to protect your data from unauthorised access, disclosure, alteration, or destruction. Our approach encompasses:

  • Front-End Security with Cloudflare

    We utilise Cloudflare, a recognised tier-one provider, for our front-end security. Cloudflare's services provide a robust defence against various cyber threats, including DDoS attacks, bot attacks, and web application vulnerabilities, ensuring that your interactions with our services are secure. Before any request reaches our servers, it is first examined and vetted by Cloudflare using their industry-leading cyber security solutions. Any requests that show signs of malicious activity or fail Cloudflare checks are blocked long before they even reach our application servers. You can find out more about our front-end security here.

  • Back-End Security with Microsoft Azure

    Our back-end infrastructure is hosted on Microsoft Azure, a tier-one cloud platform. Azure offers a comprehensive suite of security services, including advanced threat protection, network security, and identity management, which are continuously updated and monitored.

  • Regular Security Audits

    We conduct regular and thorough security audits and penetration testing. These audits help us identify and address any potential vulnerabilities proactively, ensuring our security measures remain effective and up-to-date against evolving threats and implementing the defence in depth principle.

  • Enforced Encryption

    All data, whether in transit or at rest, is subject to strong encryption protocols. This means that when your data moves between your device and our servers, it is encrypted (using secure protocols such as HTTPS or SSH) and when it is stored on our systems, it is also encrypted.

    1. Our DNS security can be verified here.
    2. Our HTTPS security can be verified here.

Our Commitment to Data Privacy

Tevalon is fully committed to upholding the privacy rights of our users, in strict adherence to the UK General Data Protection Regulation (UK GDPR), which mirrors EU GDPR. Our privacy framework is built on the core principles of transparency, accountability, and user control. We ensure compliance by:

  • Lawful, Fair, and Transparent Processing: We process personal data lawfully, fairly, and in a transparent manner. This includes clearly informing you about what data we collect, why we collect it, and how we use it.
  • Purpose Limitation: We collect personal data only for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.
  • Data Minimisation: We only collect personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: We take every reasonable step to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage Limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • User Rights: We respect and facilitate your rights as a data subject under UK GDPR, including your right to access, rectification, erasure, restriction of processing, data portability, and objection to processing.
  • Anonymous Feedback: In cases when anonymous feedback is requested and collected, we ensure that it stays anonymous by either not collecting or not processing data that can be used to de-anonymise collected anonymous feedback, subject to technical restrictions.

Need to adjust what you agreed to? Reset your consent below and we'll ask again the next time you visit.

By implementing these security measures and adhering to UK GDPR requirements, we provide a secure and trustworthy platform for all our users. Your privacy and the security of your data are our highest priorities and you can always contact us at security-and-privacy@tevalon.ai if you have any questions or requests.