At Tinkery, the security and privacy of your data are at the core of everything we build. We combine enterprise-grade infrastructure with strict data governance policies to give you peace of mind β whether youβre connecting CRMs, analyzing campaigns, or generating reports through the Workbench.
Data Storage & Encryption
Cloud infrastructure: Tinkery runs on Google Cloud Platform (GCP), leveraging ISO 27001 and SOC 2-compliant data centers.
Encryption at rest: All stored data is encrypted using AES with Customer-Managed Encryption Keys (CMEKs).
Encryption in transit: TLS, SSH, and HTTPS protect all communication channels.
API security: OAuth 2.0 authentication + encrypted credentials.
Data residency: You can choose your preferred region (EU, US, APAC) for compliance with GDPR and other local regulations.
Third-Party Integrations
Tinkery connects to external sources using Airbyte, and secures integrations through:
OAuth 2.0 for authentication
Token-based security (stored via Google Secret Manager)
End-to-end encryption for all data transfers
π Credentials are never stored in plain text and are encrypted at rest.
Use of AI & Large Language Models (LLMs)
Tinkery leverages LLMs for natural language interaction, contextual queries, and predictive analysis. To keep your data safe:
No customer data is stored by the AI provider
All AI processing is ephemeral and encrypted
Sensitive data is never sent unless explicitly required for a user task
Processing is sandboxed and runs in secure environments
We also use libraries for local, intelligent calculations β securely handled within the Tinkery environment.
Compliance & Certifications
Tinkery supports key global standards:
GDPR & CCPA: Full compliance with data access, erasure, and consent management
ISO 27001, 27017, 27018
SOC 1 / SOC 2 / SOC 3
Supports the EU AI Act (review our Data Processing Agreement for more)
Operational Resilience
Tinkery is built with high availability and disaster recovery in mind:
Automated daily incremental backups & weekly full backups
Real-time monitoring via Google Cloud Security Command Center
Data Governance & Access Control
We implement enterprise-grade governance tools:
Google IAM for role-based access
Full audit logs and data lineage tracking
Single Sign-On (SSO) via Google OAuth
MFA support coming in Q4 2025
Your Data, Your Rights
- No selling or sharing: We never monetize or resell your data
- Data deletion: Request deletion at any time
- Private processing environments: For enterprise customers, we will offer processing entirely within your own cloud environment
We're committed to making Tinkery secure, transparent, and compliant. For more details, check out our full Data Privacy Policy or reach out to help@tinkery.ai.