Security

How TATER protects your compliance data and infrastructure.

TLS 1.2+ AES-256 Encryption Azure Cloud Entra ID Auth RBAC Enforced Tenant Isolation

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption via Azure Cosmos DB and Azure Storage built-in encryption.

Authentication

TATER uses Microsoft Entra ID (Azure AD) with OAuth 2.0 / OpenID Connect. We support multi-factor authentication and never store passwords.

Multi-Tenant Isolation

Each organization's data is logically isolated using tenant-specific partition keys. Server-side authorization ensures users can only access their organization's data.

Role-Based Access

Fine-grained role hierarchy (SuperAdmin, Admin, OrgAdmin, Auditor, Viewer) controls access at the organization and feature level with server-side enforcement.

Infrastructure

TATER is hosted entirely on Microsoft Azure infrastructure:

Frontend: Azure Static Web Apps with global CDN distribution and automatic SSL certificates

API: Azure Functions (Node.js/TypeScript) with serverless auto-scaling

Database: Azure Cosmos DB with automatic failover, backup, and geo-replication capabilities

Authentication: Microsoft Entra ID with JWT token validation on every API request

API Security

Every API request is authenticated and authorized through a multi-step process:

JWT tokens are validated on every request, including signature, issuer, audience, and expiration

Organization membership is verified server-side before granting access to any tenant data

API keys provide an additional authentication layer for agent and integration access

Rate limiting and request validation protect against abuse

Compliance Agent Security

The optional TATER Compliance Agent is designed with security as a priority:

Runs with minimal required privileges on endpoints

Communicates exclusively over HTTPS with certificate validation

Collects only the specific system configuration data defined by scan commands

Does not persist sensitive data locally — results are transmitted and discarded

Distributed as a signed MSI installer for Windows environments

Data Protection

Deleted records are soft-deleted to a recycle bin with a 30-day retention period before permanent removal

Azure Cosmos DB provides automatic backups with point-in-time restore capability

Audit logs track administrative actions and configuration changes

Data export capabilities allow organizations to retrieve their data at any time

Responsible Disclosure

If you discover a security vulnerability in TATER, please report it responsibly by contacting security@tatersecurity.com. We ask that you allow us reasonable time to investigate and address the issue before public disclosure.