Form
Form
Form

Security Policy

Form

1. Purpose

The purpose of this Information Security Policy is to protect the confidentiality,  integrity, and availability of Tesari’s information assets, systems, and customer data. 

 

2. Scope

This policy applies to:

  • All Tesari users and clients
  • All Tesari employees, founders, contractors, and third parties
  • All systems, infrastructure, and applications supporting Tesari services
  • All customer data, OSINT-derived data, and internal business information

 

3. Security Governance & Responsibilities

Tesari maintains an information security function responsible for:

  • Security policies and control implementation
  • Risk assessments and compliance
  • Oversight of incident response

Every user, client, employee and contractor is responsible for secure handling of data, reporting incidents, and protecting credentials.

 

4. Risk Management

Tesari performs regular risk assessments to identify threats, vulnerabilities, and potential business impact. Mitigation plans are documented and tracked internally.

 

5. Data Classification & Handling

Data is classified into:

  1. Public OSINT Data
  2. Customer Confidential Data
  3. Tesari Confidential Data
  4. Sensitive Operational Data
  5.  

Rules include:

  • Encryption at rest and in transit
  • Least-privilege access
  • Retention and secure deletion processes

 

6. Access Control & Identity Management

Tesari enforces:

  • Unique identities for all users
  • MFA where supported
  • Role-Based Access Control (RBAC)
  • Joiner/mover/leaver workflows
  • Regular access reviews

 

7. Infrastructure & Platform Security

Controls include:

  • Secure cloud infrastructure
  • Network segmentation
  • Host hardening and timely patching
  • Centralized logging and monitoring
  • Backup and recovery readiness

 

8. Application & AI Security

Tesari applies a secure development lifecycle with:

  • Code reviews and automated scanning
  • Secrets management
  • Environment separation (dev/stage/prod)
  • AI guardrails to prevent cross-tenant data exposure

 

9. Data Protection & Privacy

9.1 Encryption

All data is encrypted in transit (TLS) and at rest.

 

9.2 Data Minimization & Retention

Non-essential data is minimized, and defined retention periods apply.

 

9.3 Search Request Logging & User-Controlled De-Linking

Tesari logs all investigation requests, outputs and related system metadata  (timestamps, activity logs, query parameters) for security, auditing, abuse detection,  and operational reliability. 

Each logged request is temporarily associated with the user account to support: 

  • Report retrieval 
  • Case history continuity 
  • Fraud and abuse monitoring 

 

Users maintain full control over stored investigations. 

 

When a user deletes a report, Tesari will: 

  • Permanently delete the report from the user workspace 
  • Permanently remove the link between the user identity and the logged  search event 
  • Retain only anonymized operational logs required for security,  troubleshooting, and system integrity 

 

This ensures users can wipe the connection between themselves and specific  investigations while preserving essential system-level telemetry. 

9.4 Confidentiality 

Customer investigation data is never shared with third parties except where legally  required or contractually agreed.

10. Third-Party & Vendor Management 

Tesari evaluates vendors for security posture, contractual protections, and access  limitations. Third-party access is restricted to essential operations only. 

 

11. Logging, Monitoring & Incident Response

TESARI AI: OSINT COPILOT 

Tesari logs: 

  • Access events 
  • Administrative actions 
  • Security-relevant system activity 
  • AI/agentic operations relevant to investigations 

An Incident Response Plan outlines procedures for detection, escalation,  remediation, and customer notification where required. 

 

12. Business Continuity & Disaster Recovery Tesari maintains: 

  • Regular backups 
  • Redundant infrastructure where applicable 
  • Documented restoration procedures 

 

13. Customer Responsibilities 

Customers must: 

  • Manage their user access 
  • Protect their credentials 
  • Validate investigative findings independently 
  • Use Tesari within legal and ethical boundaries 
  • Use Tesari in accordance with applicable United States laws and regulations. 15. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

14. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

ic_menu
Form
Form
Form

Security Policy

Form

1. Purpose

The purpose of this Information Security Policy is to protect the confidentiality,  integrity, and availability of Tesari’s information assets, systems, and customer data. 

 

2. Scope

This policy applies to:

  • All Tesari users and clients
  • All Tesari employees, founders, contractors, and third parties
  • All systems, infrastructure, and applications supporting Tesari services
  • All customer data, OSINT-derived data, and internal business information

 

3. Security Governance & Responsibilities

Tesari maintains an information security function responsible for:

  • Security policies and control implementation
  • Risk assessments and compliance
  • Oversight of incident response

Every user, client, employee and contractor is responsible for secure handling of data, reporting incidents, and protecting credentials.

 

4. Risk Management

Tesari performs regular risk assessments to identify threats, vulnerabilities, and potential business impact. Mitigation plans are documented and tracked internally.

 

5. Data Classification & Handling

Data is classified into:

  1. Public OSINT Data
  2. Customer Confidential Data
  3. Tesari Confidential Data
  4. Sensitive Operational Data
  5.  

Rules include:

  • Encryption at rest and in transit
  • Least-privilege access
  • Retention and secure deletion processes

 

6. Access Control & Identity Management

Tesari enforces:

  • Unique identities for all users
  • MFA where supported
  • Role-Based Access Control (RBAC)
  • Joiner/mover/leaver workflows
  • Regular access reviews

 

7. Infrastructure & Platform Security

Controls include:

  • Secure cloud infrastructure
  • Network segmentation
  • Host hardening and timely patching
  • Centralized logging and monitoring
  • Backup and recovery readiness

 

8. Application & AI Security

Tesari applies a secure development lifecycle with:

  • Code reviews and automated scanning
  • Secrets management
  • Environment separation (dev/stage/prod)
  • AI guardrails to prevent cross-tenant data exposure

 

9. Data Protection & Privacy

9.1 Encryption

All data is encrypted in transit (TLS) and at rest.

 

9.2 Data Minimization & Retention

Non-essential data is minimized, and defined retention periods apply.

 

9.3 Search Request Logging & User-Controlled De-Linking

Tesari logs all investigation requests, outputs and related system metadata  (timestamps, activity logs, query parameters) for security, auditing, abuse detection,  and operational reliability. 

Each logged request is temporarily associated with the user account to support: 

  • Report retrieval 
  • Case history continuity 
  • Fraud and abuse monitoring 

 

Users maintain full control over stored investigations. 

 

When a user deletes a report, Tesari will: 

  • Permanently delete the report from the user workspace 
  • Permanently remove the link between the user identity and the logged  search event 
  • Retain only anonymized operational logs required for security,  troubleshooting, and system integrity 

 

This ensures users can wipe the connection between themselves and specific  investigations while preserving essential system-level telemetry. 

9.4 Confidentiality 

Customer investigation data is never shared with third parties except where legally  required or contractually agreed.

10. Third-Party & Vendor Management 

Tesari evaluates vendors for security posture, contractual protections, and access  limitations. Third-party access is restricted to essential operations only. 

 

11. Logging, Monitoring & Incident Response

TESARI AI: OSINT COPILOT 

Tesari logs: 

  • Access events 
  • Administrative actions 
  • Security-relevant system activity 
  • AI/agentic operations relevant to investigations 

An Incident Response Plan outlines procedures for detection, escalation,  remediation, and customer notification where required. 

 

12. Business Continuity & Disaster Recovery Tesari maintains: 

  • Regular backups 
  • Redundant infrastructure where applicable 
  • Documented restoration procedures 

 

13. Customer Responsibilities 

Customers must: 

  • Manage their user access 
  • Protect their credentials 
  • Validate investigative findings independently 
  • Use Tesari within legal and ethical boundaries 
  • Use Tesari in accordance with applicable United States laws and regulations. 15. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

14. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

Apply for early access

Form

For Enterprice

Form
Form
Form

Security Policy

Form

1. Purpose

The purpose of this Information Security Policy is to protect the confidentiality,  integrity, and availability of Tesari’s information assets, systems, and customer data. 

 

2. Scope

This policy applies to:

  • All Tesari users and clients
  • All Tesari employees, founders, contractors, and third parties
  • All systems, infrastructure, and applications supporting Tesari services
  • All customer data, OSINT-derived data, and internal business information

 

3. Security Governance & Responsibilities

Tesari maintains an information security function responsible for:

  • Security policies and control implementation
  • Risk assessments and compliance
  • Oversight of incident response

Every user, client, employee and contractor is responsible for secure handling of data, reporting incidents, and protecting credentials.

 

4. Risk Management

Tesari performs regular risk assessments to identify threats, vulnerabilities, and potential business impact. Mitigation plans are documented and tracked internally.

 

5. Data Classification & Handling

Data is classified into:

  1. Public OSINT Data
  2. Customer Confidential Data
  3. Tesari Confidential Data
  4. Sensitive Operational Data
  5.  

Rules include:

  • Encryption at rest and in transit
  • Least-privilege access
  • Retention and secure deletion processes

 

6. Access Control & Identity Management

Tesari enforces:

  • Unique identities for all users
  • MFA where supported
  • Role-Based Access Control (RBAC)
  • Joiner/mover/leaver workflows
  • Regular access reviews

 

7. Infrastructure & Platform Security

Controls include:

  • Secure cloud infrastructure
  • Network segmentation
  • Host hardening and timely patching
  • Centralized logging and monitoring
  • Backup and recovery readiness

 

8. Application & AI Security

Tesari applies a secure development lifecycle with:

  • Code reviews and automated scanning
  • Secrets management
  • Environment separation (dev/stage/prod)
  • AI guardrails to prevent cross-tenant data exposure

 

9. Data Protection & Privacy

9.1 Encryption

All data is encrypted in transit (TLS) and at rest.

 

9.2 Data Minimization & Retention

Non-essential data is minimized, and defined retention periods apply.

 

9.3 Search Request Logging & User-Controlled De-Linking

Tesari logs all investigation requests, outputs and related system metadata  (timestamps, activity logs, query parameters) for security, auditing, abuse detection,  and operational reliability. 

Each logged request is temporarily associated with the user account to support: 

  • Report retrieval 
  • Case history continuity 
  • Fraud and abuse monitoring 

 

Users maintain full control over stored investigations. 

 

When a user deletes a report, Tesari will: 

  • Permanently delete the report from the user workspace 
  • Permanently remove the link between the user identity and the logged  search event 
  • Retain only anonymized operational logs required for security,  troubleshooting, and system integrity 

 

This ensures users can wipe the connection between themselves and specific  investigations while preserving essential system-level telemetry. 

9.4 Confidentiality 

Customer investigation data is never shared with third parties except where legally  required or contractually agreed.

10. Third-Party & Vendor Management 

Tesari evaluates vendors for security posture, contractual protections, and access  limitations. Third-party access is restricted to essential operations only. 

 

11. Logging, Monitoring & Incident Response

TESARI AI: OSINT COPILOT 

Tesari logs: 

  • Access events 
  • Administrative actions 
  • Security-relevant system activity 
  • AI/agentic operations relevant to investigations 

An Incident Response Plan outlines procedures for detection, escalation,  remediation, and customer notification where required. 

 

12. Business Continuity & Disaster Recovery Tesari maintains: 

  • Regular backups 
  • Redundant infrastructure where applicable 
  • Documented restoration procedures 

 

13. Customer Responsibilities 

Customers must: 

  • Manage their user access 
  • Protect their credentials 
  • Validate investigative findings independently 
  • Use Tesari within legal and ethical boundaries 
  • Use Tesari in accordance with applicable United States laws and regulations. 15. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

14. Policy Review 

This policy is reviewed annually or upon significant changes to Tesari systems,  operations, or legal requirements.

Apply for early access

Form

For Enterprice