Tango Technology, Inc.

Security and Trust

At Tango, we take data security and privacy very seriously. This page provides some general information about our practices to give you confidence in how we secure your data.

Trust

  • We don’t sell, rent, or provide information to third parties to help them advertise to you.
  • Our financial interests are aligned with yours - we make money when you see value in and purchase one of our paid product offerings, ex. Tango Pro and Tango Enterprise.
  • While personal or sensitive data may from time to time be captured during a workflow, rest assured that we do not want or need such data. It’s our view that using your personal or sensitive data in any manner other than to provide our services would be unethical and inconsistent with Tango’s values.

Compliance

SOC 2

Tango is proud to be SOC 2 compliant. We worked with an independent auditor to achieve a clean SOC 2 Type 1 attestation report. Additionally, we use Drata’s automation platform to continuously monitor our SOC 2 controls and maintain real-time visibility into our organization’s security posture. Our SOC 2 audit report is available by request for qualified enterprise customers.

Infrastructure

Our services are hosted on Amazon Web Services (AWS), which continuously maintains certification for a variety of global security and compliance frameworks. For more information about their certifications and compliance practices, please visit the AWS Security and AWS Compliance sites.

Application Security

  • We use TLS everywhere in the Tango application.
  • Your data is encrypted at rest and in transit using industry standards.
  • We maintain an A from Qualys/SSL Labs (see here).
  • We regularly scan our applications for vulnerabilities using automated tools and apply security patches to vulnerable components.
  • When you purchase a paid Tango subscription, your credit card data is not transmitted through nor stored on our system. We use Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1. For more information about Stripe’s security practices, see here.

Data Protection and Disaster Recovery

  • Our systems were designed and built with disaster recovery in mind.
  • All of our infrastructure is hosted in the cloud on AWS. We use an AWS VPC that is not publicly accessible.
  • We leverage multiple AWS Availability Zones to redundantly store customer data.
  • Our data is automatically backed up daily and we regularly test that our backups are working and can be easily restored.

Corporate Security

  • All company laptops are actively managed and can be remotely wiped. We require screensaver locks, full disk encryption, anti-malware protection, password manager use, and automatic updates to be enabled.
  • We implement a human review process augmented by automated checks to ensure consistent quality in our software development practices.
  • Access to services, source code, and third-party tools are secured with two-factor authentication whenever possible.
  • Employees are given the lowest level of access that allows them to get their work done and data access is logged.
  • Our employee contracts include a confidentiality agreement.
  • All personnel undergo background checks and receive regular security awareness training.

Responsible Disclosure

  • If you’ve discovered a vulnerability in the Tango application, please contact us at security@tango.us. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues.
  • We prioritize clearly written reports with reproducible examples for app.tango.us. We do not accept reports for blog.tango.us or www.tango.us.

FAQs

If you have additional questions, please see the Security section of our FAQs for more detailed information about our application and practices.