Security & Compliance

TagoIO is built on a foundation of security, privacy, and compliance. We protect your data so you can focus on building.

Certifications & Compliance

GDPR Compliant

TagoIO fully complies with the EU General Data Protection Regulation, giving you control over your personal data.

ISO 27001 Certified

Our information security management system is certified to the ISO 27001 international standard.

What is GDPR and How Does it Affect Your IoT Solution?

The General Data Protection Regulation (GDPR) is a privacy law enacted by the European Union in May 2018 to safeguard individuals' personal data and give them greater control over how it is collected, processed, and stored. GDPR applies to all organizations handling the personal data of EU residents, regardless of the organization's location, making it one of the strictest data protection laws globally. Key principles include the requirement for transparent consent, the right for individuals to access, correct, or delete their data, data minimization, and stringent security measures. As your trusted Data Processor, TagoIO is committed to helping you on your GDPR compliance journey.

GDPR Readiness is a Shared Responsibility

Under GDPR, both the Data Controller and the Data Processor share responsibility for protecting personal data, but they have distinct roles and obligations. The Data Controller (the party that develops applications using our platform) determines the purposes and methods of processing personal data and bears the primary responsibility for ensuring compliance with GDPR principles. The Data Processor (TagoIO) processes data on behalf of the controller and must follow the controller's instructions, safeguard data through secure practices, and support the controller in fulfilling GDPR requirements. Both parties must cooperate to protect data and respond to data breaches.

TagoIO Product Capabilities

Data Retention Control

Set custom retention policies per bucket. Data is automatically purged when it expires, and you can delete it on demand at any time.

Single Instance Architecture

Each TagoDeploy customer gets a dedicated instance with isolated resources, separate databases, and no shared infrastructure with other tenants.

Data Subject Access Requests

Export or delete end-user data on request. Our APIs and admin tools make it easy to fulfill DSAR obligations within the required timeframes.

Frequently Asked Questions

Where is TagoIO data stored?

TagoIO runs on AWS infrastructure. US customers use the us-east-1 (Virginia) region by default. EU customers can choose eu-west-1 (Ireland). TagoDeploy customers can select from 12+ AWS regions worldwide.

Is TagoIO ISO 27001 certified?

Yes. TagoIO holds ISO 27001 certification for its information security management system. The certificate is available on request.

Does TagoIO have a DPA?

Yes. We provide a GDPR-compliant Data Processing Agreement to all customers. You can download it from our DPA page or request a countersigned copy.

How does TagoIO handle data deletion?

Customers can delete data at any time through the admin console or API. When an account is terminated, all data is permanently deleted within 30 days.

Does TagoIO encrypt data?

Yes. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption on AWS infrastructure.

Can I run TagoIO in my own AWS region?

Yes, with TagoDeploy. You can deploy a dedicated TagoIO instance in any of 12+ AWS regions worldwide, giving you full control over data residency.