Data storage & controls

All data is stored encrypted in either our primary Microsoft Azure Datacentre in Dublin, Ireland or our secondary geo-redundant Microsoft Azure Datacentre in Amsterdam, Holland. No data is stored on the end-user mobile device.

All data either at rest or in transit is encrypted. At rest, data is encrypted using Transparent data encrypted (TDE) using key based AES 256 algorithm. In transit, all connection use Transport Layer Security (TLS v 1.2 or greater).

All data access is governed by role-based access control following our ‘Least Privilege’ Access Control governance policy.

Physical access control at Azure Datacentres meets or exceeds Tier 4 standards and meets all ISO 27001, HIPAA, FedRAMP, SOC 1, SOC 2, and UK G-Cloud standards.

All Tiller staff undertake full background check screening before employment and are required to undertake security awareness training every 6 months. Access Control policies are followed on any change of employment status to confirm, change, or revoke access rights.

Further information on data security can be found on our website: https://www.tillertech.com/privacy-policy.

PDF Report

A customer report can be generated for all clients that have been processed. The PDF can be downloaded directly from the browser by an authorised user from the Verify by Tiller Portal. The PDF contains all information captured against the individuals and the detailed output for the verification checks performed.

Third Party Services

Tiller Technologies shares individual data with 3rd party services to be able to perform verification checks. Agreements are in place with all service providers, and mutual due diligence has been completed. Each company using the Verify by Tiller services will be required to accept Terms and Conditions that stipulate how data is processed. Each end customer will need to accept an End User Terms to use the Verify by Tiller application.

Security testing

Security is continually tested using an in-house QA (quality assurance) team ensuring the alignment of the services to Tiller Technologies’ data security policies. A full penetration test will be conducted by NCC Group prior to the production launch of the services. This will be conducted at a minimum of once every 12 months.

Further information about data security is found in our Privacy Policy, Terms & Conditions and End User Terms. Tiller Technologies is a Data Processor and will conduct regular DPIAs (Data Protection Impact Assessments) for each new feature developed and deployed.