Authentication
Tackd uses Google sign-in through Supabase Auth. Access can be limited by a beta allowlist, and app data is scoped to authenticated users and active workspace memberships.
Tackd is not SOC 2 certified yet. This page documents the practical controls in place and the roadmap we are building toward.
These pages document how Tackd protects customer data today and what still needs formal review before enterprise procurement.
Prospects, briefs, decks, proposals, CRM links, and jobs are scoped by workspace. Supabase row-level security policies enforce owner and active-member access.
Server secrets are stored outside the browser. Salesforce OAuth tokens are encrypted before storage and decrypted only server-side when Tackd needs to call Salesforce.
Payments are handled by Stripe. Tackd stores billing identifiers and subscription state, but does not store raw payment card numbers.
AI requests are made server-side. Usage is gated by billing and rate-limit controls so authenticated users cannot silently burn unlimited model calls.
PowerPoint uploads are size-limited and parsed server-side. The roadmap includes stronger malware scanning and isolated file processing before larger enterprise use.
Report suspected vulnerabilities, unauthorized access, or data exposure to security@tackd.ai. Please include affected URLs, reproduction steps, impact, and whether any customer data may be involved.
Tackd relies on infrastructure, AI, billing, authentication, background job, email, and optional CRM vendors. See the subprocessors page for the current vendor list and the kind of data each provider may process.