Security by Design:
Engineered Trust
for the Industrial Sector
A proactive, layered security program to protect proprietary manufacturing data, combining industrial-grade architecture, rigorous controls, and deep collaboration with our partners.
Enterprise-Grade Protection
Infrastructure Security
Data is hosted in ISO 27001 certified data centers with SOC 2 reports, physical safeguards, redundant networking, power, and 24/7 security.
Network Security
Our systems are hosted within a secure virtual private cloud. We perform periodic automated network intrusion tests.
Leading Encryption
Your data is encrypted with AES-256 at rest. All connections are secured using TLS with 256-bit encryption.
Secure Application Development
All software is subject to code reviews and security scans.
Personnel Training and Controls
All employees undergo security training, background checks, and access control.
Regular Audits and Tests
Systems are tested for vulnerabilities, logs are reviewed for suspicious activity, and we get regular third-party audits.
Single Sign-On
We integrate with leading identity management solutions including AWS IAM Identity Center (formerly known as AWS Single Sign-On) and Microsoft Active Directory.
No Model Training
Harvey contractually guarantees through our Security Addendum that your data stays yours. We don’t use inputs, outputs, or uploaded documents to train underlying models.
Audit Trails
We track and log every action users take so you always know who made changes and when.
At Tabbird, our goal is to build the definitive Warranty Intelligence platform for manufacturers. From the moment we embarked on this journey, a core, non-negotiable principle has guided our every step: the absolute protection of our customers' intellectual property and operational data.
We understand that the information entrusted to us, from unstructured field reports to high-fidelity sensor telemetry. It is not just "content". It is the blueprint of your product's performance. We have built our company from the ground up with this profound responsibility in mind, knowing that in the industrial sector, data integrity is synonymous with operational continuity.
A Culture of Security, Not an Afterthought
At Tabbird, security has never been an afterthought. While certifications are milestones we are actively working toward, our founders laid a foundation of rigorous security standards from day one. We believe that security is not just a checkbox for an auditor—it is a fundamental engineering constraint that dictates how we build every feature.
Our engineering culture treats data privacy as a critical quality metric, equal to system uptime or latency. This means that security reviews are embedded in our development lifecycle (SDLC) before a single line of code reaches production. We have established an Information Security Program that follows the strict criteria set forth by the SOC 2 Framework, ensuring that our internal governance aligns with the rigorous standards expected by global enterprises long before the formal audit is completed.
Our Philosophy: Protecting the Crown Jewels
We view compliance as an outcome, not the driver, of our security program. Our immediate focus is on the practical, robust defense of your data through Infrastructure Security and Isolation.
We leverage the world's most secure infrastructure to protect your assets. Tabbird is hosted on top-tier cloud providers:Microsoft Azure and AWS,that maintain ISO 27001 certifications and SOC 2 reports. This ensures physical safeguards, redundant networking, and 24/7 security staff. By building on this certified foundation, we inherit a level of physical and network security that meets the demands of mission-critical operations.
Partnership and Transparency: A Collaborative Approach
Security is a collaborative effort at Tabbird. We recognize that standards like SOC 2, while valuable, cannot capture every nuance of a specific manufacturer's risk profile. We welcome and actively engage in deep, technical security reviews with our customers.
We believe in transparency over obscurity. Rather than hiding behind vague assurances, we work with your IT and security teams to validate that our controls meet your specific requirements for data residency and access. Whether it's walking your team through our encryption implementation or detailing our vulnerability management process, we view these audits not as hurdles, but as opportunities to demonstrate the robustness of our architecture.
Risk Management and Commitments
We believe in providing transparency and peace of mind. Unlike providers who hide behind standard terms, Tabbird maintains strong, transparent commitments to our customers regarding data ownership.
We address the unique risks of the industrial supply chain by ensuring that your data serves you alone. We include specific clauses in our agreements that define exactly how data is used, ensuring that your proprietary warranty data never becomes a commodity. We also enforce strict vendor risk management, ensuring that any sub-processor we utilize meets the same high bar for security and privacy that we set for ourselves.
Our Technical Approach: Layered Defense
Our security program is built on a layered approach, designed to neutralize threats at multiple levels:
1. Strict Data Segregation
We employ logical separation at the database level to ensure that your proprietary failure mode analysis and supplier logs never bleed into another customer's environment. For enterprise clients with custom needs, we go further, utilizing dedicated resources where models and data are hosted on client-specific servers, ensuring physical isolation.
2. Leading Encryption Standards
We eliminate entire classes of risk by making data unreadable to unauthorized parties. All data is encrypted at rest using AES-256, ensuring that even if physical storage were compromised, your data would remain secure. All data in transit—moving between your facilities and our secure cloud—is protected via TLS with 256-bit encryption.
3. Vulnerability Management
We don't wait for attacks to happen. We perform automated vulnerability scanning and actively monitor for threats to stay ahead of potential exploits. Our infrastructure is designed to be "secure by default," with strictly limited entry points and rigorous patching schedules.
4. Least Privilege Access
We strictly limit access to cloud infrastructure to authorized employees who require it for their role. All administrative access is protected by Multi-Factor Authentication (MFA) and logged for audit purposes.
Addressing AI-Specific Risks By Design
Tabbird uses AI and machine learning models to help you predict and prioritize warranty issues. This raises legitimate questions: Who owns the insights derived from your data? Can your proprietary failure patterns end up benefiting a competitor?
Our answer is unequivocal. Your data, your insights. Ground Truth remains yours:
We do not train our core AI models on customer data.
Whether it's defect logs, warranty claims, or technical documentation, any document you upload or query you submit stays within your isolated environment. While we use leading-edge transformer models for natural language understanding, customer-uploaded documents and queries are never used to retrain the underlying base models provided by third-party vendors.
Job's Not Finished
The landscape of security risks is constantly evolving with new technologies and attack patterns. While we are confident in our current security posture and the robust culture we've built, we remain vigilant.
We are actively executing our roadmap to achieve our own independent ISO 27001 and SOC 2 certifications to further validate the controls we have already engineered. Protecting your manufacturing intelligence isn't a one-time feature; it is our promise.