Built for trust.
Telltone is built and hosted entirely in Germany. Your data stays in the EU, is encrypted end-to-end, and is isolated by default — one workspace can never see another's data.
Hosted in Germany
EU Central — FrankfurtAll data is stored on Supabase EU Central (Frankfurt). Your data never leaves the European Union.
GDPR compliant
Telltone is designed from the ground up for GDPR. Data minimisation, right to erasure, and lawful processing are built into the platform — not bolted on.
Row-Level Security
Every table is scoped by workspace. Supabase RLS policies enforce tenant isolation at the database layer — not just in application code.
Encrypted in transit
All connections use TLS 1.3. There are no plain-text endpoints. Certificates are managed and auto-renewed.
Encrypted at rest
Data at rest is encrypted with AES-256 via managed database hosting. Encryption keys are managed by the infrastructure provider under SOC 2 controls.
Two-factor authentication
TOTP-based two-factor authentication is available for all workspace accounts. Enforce 2FA for your team from workspace settings.
Role-based access
Three built-in roles — admin, manager, and member — each with scoped permissions. No one sees more than they need to.
No AI data retention
AI conversations processed by Telltone are not used for model training. Your client data is never shared with third-party AI providers for any purpose other than completing the request.
Audit logging
Coming soonWorkspace admin actions will be logged with timestamps and actor identity. Audit log export is on the roadmap for Q3 2026.
Regular backups
Automated daily backups with point-in-time recovery up to 7 days. Backup retention and restoration are managed by Supabase under their business continuity SLA.
Questions about our security posture?
We're happy to share further documentation, answer questions during a consultation, or discuss specific compliance requirements.