Security & Compliance
TagoIO is ISO 27001 certified and GDPR compliant. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256), hosted on AWS, with data regions you choose. You keep ownership of your data, and we never use it for marketing or advertising.
Visit Security Portal- ISO 27001
- Certified since 2023
- GDPR
- Compliant, with DPA
- AES-256
- Encryption at rest
- TLS 1.2+
- Encryption in transit
- 12+
- AWS regions available
Certifications & Compliance
GDPR Compliant
TagoIO fully complies with the EU General Data Protection Regulation, giving you control over your personal data.
ISO 27001 Certified
Our information security management system is certified to the ISO 27001 international standard.
Reliability
Built to stay up
TagoIO publishes a Service Level Agreement with a 99.9% monthly uptime commitment for eligible accounts, which is no more than about 43 minutes of unavailability per month. A live system status page shows real-time and historical availability.
TagoDeploy customers run on dedicated, single-tenant instances with high-availability options and automatic data backups, for workloads that need the highest reliability.
What is GDPR and How Does it Affect Your IoT Solution?
The General Data Protection Regulation (GDPR) is a privacy law enacted by the European Union in May 2018 to safeguard individuals' personal data and give them greater control over how it is collected, processed, and stored. GDPR applies to all organizations handling the personal data of EU residents, regardless of the organization's location, making it one of the strictest data protection laws globally. Key principles include the requirement for transparent consent, the right for individuals to access, correct, or delete their data, data minimization, and stringent security measures. As your trusted Data Processor, TagoIO is committed to helping you on your GDPR compliance journey.
GDPR Readiness is a Shared Responsibility
Under GDPR, both the Data Controller and the Data Processor share responsibility for protecting personal data, but they have distinct roles and obligations. The Data Controller (those who develop applications using our platform), who determines the purposes and methods of processing personal data, bears the primary responsibility for ensuring compliance with GDPR principles. The Data Processor (TagoIO), who processes data on behalf of the controller, must follow the controller's instructions, safeguard data through secure practices, and support the controller in fulfilling GDPR requirements. Both parties must cooperate to protect data and respond to data breaches.
TagoIO Product Capabilities
Data Retention Control
Set custom retention policies per bucket. Data is automatically purged when it expires, and you can delete it on demand at any time.
Learn MoreSingle Instance Architecture
Each TagoDeploy customer gets a dedicated instance with isolated resources, separate databases, and no shared infrastructure with other tenants.
Learn MoreData Subject Access Requests
Export or delete end-user data on request. Our APIs and admin tools make it easy to fulfill DSAR obligations within the required timeframes.
Learn More