At Tai Software, a core principle of our security architecture is data minimization. We are committed to protecting our clients and their customers by ensuring that sensitive personal information never resides in the Tai Application.
This section outlines our formal data classification policy and practices, which verify our commitment to this principle.
Our Stance on Sensitive Data: Zero Storage
To be unequivocally clear: Tai Software's TMS platform does not store any Personal Information (PI), Personally Identifiable Information (PII), payment card data, or any data falling under the scope of GDPR.
When payment or personal information is required for a transaction, it is handled in a transient (in-memory) manner and transmitted directly via an encrypted channel to our fully vetted, PCI-compliant payment processing partners, such as Global Payments and Authorize.NET. Our systems only retain non-sensitive, anonymized tokens to reference transactions. This design removes our platform from the scope of storing sensitive cardholder or personal data, providing a more secure environment for everyone.
For a comprehensive overview of our data practices, please review our official Privacy Policy.
Data Classification Levels
To ensure all data is handled appropriately, we have implemented a formal data classification policy. All data processed by our systems is identified and classified into one of the following protection levels:
- Level 1: Public Data
  - Description: Information intended for public consumption.
  - Examples: Marketing materials, published knowledge base articles, anonymized industry statistics.
  - Protection: No specific data protection controls are required.
- Level 2: Internal Operational Data
  - Description: Data related to the operation of the Tai platform and our business that is not sensitive in nature. This constitutes the vast majority of data within our platform.
  - Examples: Anonymized transaction logs, system configuration settings, internal business process documentation, carrier and load information that does not contain personal data.
  - Protection: This data is protected by strict access controls, requires authentication, and is encrypted at rest and in transit to prevent unauthorized access.
- Level 3: Sensitive & Regulated Data (Transient Use Only)
  - Description: Any data that could be classified as PI, PII, financial information (e.g., credit card numbers), or is subject to regulations such as GDPR.
  - Examples: Customer names, credit card details, personal contact information.
  - Protection: This data is identified and segregated by our systems for the sole purpose of secure, immediate transmission to a validated third-party service provider. It is never written to disk or stored in any database on Tai Software infrastructure. All handling is done within secure, encrypted memory for the shortest possible duration required to complete the transaction.