Data Protection & Compliance
How Tiquo encrypts, stores, and protects your data
Data Protection & Compliance
Tiquo is designed to protect personal and operational data across every layer of the platform—from storage and encryption to privacy rights and regulatory compliance.
Data protection is embedded directly into platform architecture, operational processes, and product design, ensuring lawful processing, strong safeguards, and consistent global privacy standards.
Data Protection Overview
Tiquo applies a defence-in-depth approach to data protection, combining encryption, redundancy, access controls, and governance frameworks to safeguard customer and business data at all times.
Controls are designed to ensure confidentiality, integrity, availability, and recoverability across all environments, including web applications, mobile apps, APIs, PDQ terminals, and internal systems.
Data Encryption & Storage
Encryption Standards
All data processed by Tiquo is encrypted both at rest and in transit:
| Layer | Standard |
|---|---|
| At Rest | AES-256 encryption |
| In Transit | TLS 1.2 or higher |
| Web Traffic | HTTPS enforced across platform |
| Browser Security | HSTS (HTTP Strict Transport Security) |
HSTS ensures browsers always use a secure, authenticated connection to Tiquo, preventing downgrade attacks and cookie hijacking.
Data Storage
Multi-AZ Replication
Databases replicated across multiple AWS availability zones
Redundant Backups
Regular periodic and incremental backups
11 Nines Durability
99.999999999% durability ensures data is always recoverable
Physical Redundancy
Protection even in event of physical outage
This layered approach ensures sensitive information remains secure, resilient, and continuously available.
Privacy & Data Protection
Tiquo is designed to meet leading global standards for data protection and privacy.
Regulatory Compliance
Our commitment to privacy remains consistent across every region where Tiquo operates.
POPIA Compliance
Beyond GDPR and CCPA, Tiquo applies POPIA (Protection of Personal Information Act) principles to ensure strong privacy rights, lawful processing, and cross-regional data consistency.
Certifications & Assurance
Tiquo works with trusted third parties to verify that our systems meet strict security and operational standards.
Security Frameworks
| Framework | Status |
|---|---|
| NIST Cybersecurity Framework | Aligned |
| NIST 800-53 | Aligned |
| NIST 800-63 | Aligned (Identity Guidelines) |
| PCI DSS | Inherited via Stripe |
| SOC 2 Type II | In Progress |
We enforce SOC 2-aligned controls across all sub-processors to ensure consistent security and operational integrity.
Service Management
We align with ITIL service management practices to support structured operations, incident response, and continual improvement.
These certifications validate that Tiquo's infrastructure and processes are built to deliver enterprise-grade reliability and trust.
Global Privacy, Ethics & Data Rights
Tiquo maintains a global approach to privacy, ensuring user rights and lawful processing across every region in which we operate.
Marketing & Tracking
Marketing and tracking technologies follow the ePrivacy Directive, ensuring explicit and adjustable consent with user preferences respected at all times.
Our Commitments
Clear Notices
Transparent information about data processing
Accessible Consent
Easy-to-use consent flows
Data Minimisation
We only collect what's necessary
Ethical Processing
Reinforced trust across international user groups
AI-Assisted Features
AI-assisted features within Tiquo are subject to the same privacy, data protection, and regulatory standards as all other platform functionality.
AI Privacy Protections & Data Minimisation
Tiquo applies strict privacy-first controls to all AI-assisted workflows. No raw personally identifiable information is sent to external AI models.
| Data Type | Treatment |
|---|---|
| Email Addresses | Reduced to domain-level only |
| Physical Addresses | Truncated to city-level granularity |
| Phone Numbers | Never transmitted—only anonymised counts where required |
Tiquo also enforces data minimisation by design:
Capped Collection
Capped collection sizes to limit data volume
Sanitised Inputs
Truncated and sanitised free-text inputs
Schema-Based Selection
Strict schema-based attribute selection to ensure only the minimum required data is processed
GDPR Article 22 Safeguards
AI-assisted features are designed to support users, not replace decision-making.
Outputs are informational summaries and recommendations only, and users retain control over final actions.
Tiquo does not use AI to make automated decisions with legal or similarly significant effects without meaningful human involvement, in alignment with GDPR Article 22.
Data Subject Rights
Users can exercise their data rights through their Tiquo account or by contacting support:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate personal data |
| Erasure | Request deletion of your data |
| Portability | Export your data in a portable format |
| Restriction | Limit how your data is processed |
| Objection | Object to certain processing activities |
Privacy Requests
Contact our privacy team for data subject requests
Fiscal & POS Compliance
Fiscal and POS requirements vary by jurisdiction. Where required, Tiquo supports reporting to tax authorities, either directly or via certified fiscal systems, and provides immutable records, audit logs, and exports.
Fiscal reporting obligations remain with the merchant or operator, depending on local rules.