Security & Compliance

Your data stays yours

Tilores is SOC 2 certified and deploys on AWS — either inside your own account or in ours. Whichever you choose, you get the same audit trails, access controls, and automated deletion tools to meet GDPR, CCPA, and financial regulation requirements.


Certification

SOC 2 certified

Tilores has completed a SOC 2 Type I audit, independently verifying our controls for security, availability, and confidentiality. The full report is available to enterprise customers and prospects under NDA.

You can verify our certification status and request the report directly from our Trust Centre.


Built from experience

Designed inside a regulated environment

Tilores wasn't designed for the enterprise market and then retrofitted for compliance. It was born inside Regis24, a German consumer credit bureau operating under some of the strictest data protection law in the world.

The founding team ran production systems handling hundreds of millions of records on tens of millions of people — subject to GDPR and the data minimisation requirements that come with processing credit data in Germany. Privacy controls weren't added as a feature; they were engineering constraints from day one.

That background is why Tilores stores data provenance, supports cascading deletions, logs every access, and deploys inside your own environment rather than a shared cloud.

Origin
Regis24 — Berlin, Germany

German consumer credit bureau. One of the first production deployments of what became Tilores.

Regulation
Built under GDPR from the start

Not retrofitted. Data deletion, access controls, and audit trails were core requirements before the first line of product code was written.


Deployment

Runs inside your AWS account

Tilores runs as serverless infrastructure on AWS. For customers with strict data residency or security requirements, we can deploy directly into your own AWS account — your data never leaves your VPC and Tilores has no access to it. For teams that prefer a managed setup, we also offer a hosted deployment in our own AWS environment.


Platform Controls

Built for regulated environments

Data Provenance

Every record in the identity graph carries a label showing which source system it came from — so you always know the origin of any data point.

Access Controls

API-level permission management lets you restrict which consumers can query or export data from a given source.

Automated Data Deletion

Configure time-based retention rules per data source. When a record expires, Tilores purges it automatically — no manual intervention required.

Audit Trails

Every query, export, and deletion is logged. If a regulator or auditor asks how you responded to a DSAR, the answer is already recorded.

Data Integrity on Deletion

When a record is deleted, Tilores intelligently reorganises the identity graph so no other customer record is corrupted or orphaned.

Explainable Identity Resolution

Rules-based matching means you can always show why two records were linked — no black-box decisions to justify to regulators.


Questions about security or compliance?

Our Trust Centre has the full documentation. For enterprise security reviews, contact us directly.