Security Policy

1. Information Security Management

Tellexa maintains a structured information security programme designed to protect the confidentiality, integrity, and availability of information processed through the Services. Tellexa implements commercially reasonable security measures informed by recognised industry standards. Any reference to standards, including ISO/IEC 27001, is provided for guidance only and does not constitute certification or a warranty of compliance unless expressly stated.

2. Data Encryption

In Transit

Data transmitted between user devices and Tellexa systems is encrypted using industry-standard transport encryption protocols, including TLS 1.3.

At Rest

Stored data is protected using strong encryption mechanisms, including AES-256, where appropriate.

3. Infrastructure Security

Tellexa’s services are hosted on enterprise-grade cloud infrastructure that implements physical, technical, and administrative safeguards, including:

network firewalls and traffic filtering

intrusion detection and monitoring systems

redundancy and availability controls

secure backup and recovery processes

These controls are intended to reduce common security risks, but cannot eliminate all risk. These measures are implemented on a commercially reasonable basis. Tellexa does not warrant uninterrupted availability, prevention of all unauthorised access, or absolute data security.

4. Access Controls

Access to systems and customer data is restricted to authorised personnel based on role and necessity, supported by:

role-based access control (RBAC)

multi-factor authentication for privileged access

logging and monitoring of administrative activity

5. Application Security

Security is incorporated throughout the development lifecycle, including:

secure coding practices and peer review

dependency and vulnerability monitoring

periodic security testing and assessments

6. AI & Data Privacy Controls

Customer data is logically isolated between customers

AI processing is performed only to deliver requested service functionality

Customer data is not used to train AI models for other customers

Where third-party AI providers are engaged, they act under contractual confidentiality and security obligations

Further details regarding data processing are set out in the Privacy Policy.

7. Compliance and Data Protection

Tellexa implements security measures designed to support compliance with applicable data protection laws, including POPIA. Responsibility for lawful data collection, lawful basis, and compliance with applicable data protection laws remains with customers acting as Responsible Parties. Customers remain solely responsible for ensuring that their collection, submission, and use of personal information complies with applicable law. Tellexa does not independently verify the legality of customer data.

8. Incident Management

Tellexa maintains documented incident response procedures intended to identify, contain and remediate security events. Where required by law or contract, affected customers will be notified of confirmed material security incidents affecting customer data, as determined by Tellexa acting reasonably, without undue delay.

9. Security Awareness

Security is a shared responsibility. Tellexa personnel receive security awareness training and are required to follow internal security policies and procedures.

10. Responsible Disclosure

We encourage responsible disclosure of potential security vulnerabilities.

Email: security@tellexa.ai

Reported issues are reviewed and handled in accordance with our internal security processes.

11. No Security Guarantee

No online service is completely secure. Tellexa does not guarantee that the Services will be immune from cyber incidents, data loss, unauthorised access, or service interruption.

12. Relationship to Other Policies

This Security Policy is provided for informational purposes and does not modify or override the Terms of Service or Privacy Policy.