From 2058b5b9c234f38135a2b41034f24268c7631432 Mon Sep 17 00:00:00 2001 From: Anukiran Date: Mon, 9 Mar 2026 11:33:39 -0500 Subject: [PATCH 1/4] add security info --- docs/reference/security.md | 56 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 docs/reference/security.md diff --git a/docs/reference/security.md b/docs/reference/security.md new file mode 100644 index 0000000..f8385ab --- /dev/null +++ b/docs/reference/security.md @@ -0,0 +1,56 @@ +--- +title: Security +description: Tailor Platform Security +--- + +# Security at Tailor Technologies. inc + +As a provider of platform solutions to enterprise customers, Tailor is committed to ensuring platform security through both Enterprise and Product security approaches. + +## Enterprise security + +Tailor's enterprise security approach involves securing our infrastructure, protecting customer data, and maintaining strict access controls ([RBAC](#role-based-access-control-rbac)). To achieve this, we use network segmentation, firewalls, and intrusion detection systems ([Endpoint protection](#endpoint-protection)), as well as conducting third-party security assessments ([Vendor Security](#vendor-security)). We also provide regular security education and training to our employees to stay up-to-date on best practices and safeguard against potential threats ([Security education](#security-education)). + +### Role-based access control (RBAC) + +Tailor employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application. + +### Endpoint protection + +All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates. + +### Vendor Security + +Tailor assesses the security risk of vendors based on factors such as their access to customer and corporate data and their integration with production environments. We use this information to determine the inherent risk rating of the vendor. Finally, we evaluate the vendor's security to determine the residual risk rating and decide whether to approve the vendor. + +### Security education + +Tailor provides comprehensive security training to all employees upon onboarding and annually through educational modules. Tailor's security team shares threat briefings with employees to inform them of important security and safety-related updates that require special attention or action. + +--- + +## Product Security + +Tailor's product security approach includes the protection of customer data through encryption ([Data Encryption](#data-encryption)) and vulnerability assessments ([Vulnerability](#vulnerability)). These measures help ensure that customer data is protected from unauthorized access and potential security risks are identified and addressed in a timely manner. + +### Data Encryption + +At Tailor, the security of customer data is a top priority. To ensure its protection from unauthorized access, we use AES-256 encryption to encrypt all customer data at rest, and TLS encryption during transit. These industry-standard encryption protocols are designed to keep customer data secure at all times. + +### Vulnerability + +To proactively identify and address potential security risks, Tailor performs regular vulnerability assessments. Any vulnerabilities that directly affect our systems and services are promptly patched or remediated based on the severity of the issue and the availability of a patch or remediation instructions. + +### Status Page + +For the product status page, we use [Statuspage](https://tailortech.statuspage.io/), a third-party service that provides a public status page for Tailor. + +### Release Notes + +For Release Notes, please see [here](https://updates.tailor.tech/). + +## SOC 2 + +Tailor complies with SOC2, which is a compliance framework by the American Institute of Certified Public Accountants' (AICPA). + +Potential customers can reach out to us for more information. From 9ae84a6889deb9ae2b69ab4c7f99aed7c399300b Mon Sep 17 00:00:00 2001 From: Anukiran Date: Mon, 9 Mar 2026 11:37:22 -0500 Subject: [PATCH 2/4] add domain --- schema.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/schema.yml b/schema.yml index c733870..dd37df7 100644 --- a/schema.yml +++ b/schema.yml @@ -39,6 +39,7 @@ links: - portal.azure.com - www.npmjs.com - sonner.emilkowal.ski + - tailortech.statuspage.io blocked_domains: [] # block links to these domains # Heading validation rules From a39a63b1cd79b1f38054e255f56badf7c62476be Mon Sep 17 00:00:00 2001 From: Anukiran Date: Mon, 9 Mar 2026 11:40:55 -0500 Subject: [PATCH 3/4] update workflow --- .github/workflows/app-shell-sync.yml | 10 +++++----- .github/workflows/sdk-docs-sync.yml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/app-shell-sync.yml b/.github/workflows/app-shell-sync.yml index 1199890..8e8f308 100644 --- a/.github/workflows/app-shell-sync.yml +++ b/.github/workflows/app-shell-sync.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout current repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - path: docs-v2 + path: docs - name: Checkout app-shell repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -34,15 +34,15 @@ jobs: node-version: "24" - name: Install dependencies for docs-sync script - working-directory: docs-v2/scripts/docs-sync + working-directory: docs/scripts/docs-sync run: npm ci - name: Sync the docs files - working-directory: docs-v2/scripts/docs-sync + working-directory: docs/scripts/docs-sync run: npm start -- app-shell - name: Check for changes - working-directory: docs-v2 + working-directory: docs id: git_diff run: | git config --global --add safe.directory $PWD @@ -57,7 +57,7 @@ jobs: if: steps.git_diff.outputs.changed == 'true' uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: - path: docs-v2 + path: docs token: ${{ secrets.PAT_TOKEN }} commit-message: Update App Shell pages branch: update-app-shell-pages diff --git a/.github/workflows/sdk-docs-sync.yml b/.github/workflows/sdk-docs-sync.yml index 366cec8..8eabcf2 100644 --- a/.github/workflows/sdk-docs-sync.yml +++ b/.github/workflows/sdk-docs-sync.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout current repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - path: docs-v2 + path: docs - name: Checkout sdk repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -34,15 +34,15 @@ jobs: node-version: "24" - name: Install dependencies for docs-sync script - working-directory: docs-v2/scripts/docs-sync + working-directory: docs/scripts/docs-sync run: npm ci - name: Sync the docs files - working-directory: docs-v2/scripts/docs-sync + working-directory: docs/scripts/docs-sync run: npm start -- sdk - name: Check for changes - working-directory: docs-v2 + working-directory: docs id: git_diff run: | git config --global --add safe.directory $PWD @@ -56,7 +56,7 @@ jobs: if: steps.git_diff.outputs.changed == 'true' uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: - path: docs-v2 + path: docs token: ${{ secrets.PAT_TOKEN }} commit-message: Update SDK pages branch: update-sdk-pages From 52dcfa1fd63ee6548799747870f357323f426152 Mon Sep 17 00:00:00 2001 From: Anukiran Date: Mon, 9 Mar 2026 11:48:08 -0500 Subject: [PATCH 4/4] Update pr-checks.yml --- .github/workflows/pr-checks.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 73de0dc..5655a1f 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -25,6 +25,9 @@ jobs: - name: Install dependencies run: pnpm install + - name: Typecheck + run: pnpm typecheck + - name: Lint run: pnpm lint