1. Purpose and Scope
Tio takes data security very seriously. This document sets out to describe how we protect data within the Tio web and mobile products.
2. Password Management
Good password practice is extremely important to data security.
General
- For security, traceability and functional reasons, the account must not be shared
- Use of Tio requires a strong password, a minimum of 8 characters in length. In addition, we recommend the following:
- The longer the password the better
- Where possible, do not re-use passwords from other accounts
- In line with latest best practice, Tio does not enforce password rotation
- Accounts shall be temporarily locked in the event of multiple incorrect password entry
- Tio does not store passwords in raw form
Tio Staff
- Tio adds 2FA to its authentication practices
If you suspect a security breach related to passwords within Tio or another account, change your password immediately.
3. Data Storage
Tio hosts its data on Microsoft Azure cloud services. One of the worlds leading 3rd suppliers, providing a high level of physical and operational security.
Physical Security
Please refer to the below link to learn about the security of Azure data centres: https://docs.microsoft.com/en–us/azure/security/fundamentals/physical–security
Data Location & Backups
Tio employs both redundancy and replication to support resilience of service.
- All hosted data is held and stored within the United Kingdom
- All data is backed up daily
4. Communication
All communication from web browser or mobile app is encrypted with a minimum of TLS 1.2 enforced.
5. Security Testing
Both web and mobile applications are regularly scanned by 3rd party tools and any potential vulnerabilities mitigated.
6. Credit card data
Tio uses 3rd party providers to process any credit card payments, it does not store credit card details.
Further questions?
In case of any further questions, please contact [email protected]