Security — Tyndall

All systems operational99.9% uptime SLA

1.Overview

Tyndall is built to handle the data private lenders, fund administrators, and investor relations teams can't afford to get wrong — KYC records, loan documents, capital activity, and personally identifiable investor information. Security isn't a layer we added on top of the platform; it's built into how every module stores, transmits, and grants access to data.

Encrypted by default

Data is encrypted in transit and at rest across every module, with no opt-out.

Least-privilege access

Role-based permissions scoped down to the record level, not just the module level.

Audited continuously

Every action against investor and loan records is logged and attributable.

Built for compliance

Workflows map to the regulatory obligations private credit firms already operate under.

2.Infrastructure

Tyndall runs on infrastructure architected for financial services workloads, with isolation between client environments and no shared database access across firms.

Hosted on infrastructure with redundancy across multiple availability zones
Automated backups with point-in-time recovery
Network-level isolation between client environments
Infrastructure changes are version-controlled and peer-reviewed before deployment

3.Encryption

All data is encrypted both in transit and at rest:

In transit: TLS 1.2+ for all client and API connections
At rest: AES-256 encryption for all stored data, including documents, KYC records, and backups
Document storage: Uploaded files (loan documents, KYC, subscription agreements) are encrypted at the object level, not just at the disk level

4.Access Control

Access to client data is governed by role-based permissions, scoped to what each user actually needs:

Granular, role-based access control down to module and record level
Single sign-on (SSO) and multi-factor authentication (MFA) available for all client accounts
Internal employee access to client data is logged and limited to support and engineering staff on a need-to-know basis
Session timeouts and device-level controls configurable per firm

5.Compliance

Tyndall's compliance workflows are built around the regulatory frameworks private lenders and exempt market dealers already operate under, and our own internal controls are independently assessed.

SOC 2Type IIIn progress

PIPEDAAlignedCanada

KYC / AMLWorkflow supportBuilt-in

GDPRAlignedEU data subjects

Compliance reports and documentation are available to clients and prospective clients under NDA — contact your account representative or support@tyndall.app to request access.

6.Monitoring & Incident Response

Our systems are monitored continuously, and we maintain a documented incident response process with defined severity levels and response targets.

Uptime Guarantee

99.9% monthly uptime

Scheduled Maintenance

48 hours' advance notice

Critical Incidents

1 hr response / 8 hrs resolution target

High Severity

4 hrs response / 24 hrs resolution target

Client Notification

Affected clients notified without undue delay following confirmation of any incident involving their data

7.Data Handling & Portability

Client data belongs to the client. Upon written request, we provide a complete export of your data in a standard format, and we cooperate in good faith to support a smooth transition if you ever discontinue use of the platform. We do not sell client or investor data, and we do not share it with third parties beyond what's needed to operate the service — see our Privacy Policy for full detail.

8.Report a Vulnerability

If you believe you've found a security vulnerability in Tyndall, we want to hear from you. Please report it responsibly — we ask that you do not access or modify data that isn't yours, and that you give us a reasonable window to investigate and remediate before any public disclosure.

Security Contact

Email: support@tyndall.app

Security at Tyndall