Taimet is designed for sophisticated users. Security, data minimization, and operational integrity are foundational to how we build and operate the platform.

This page outlines how we protect customer information, how data flows through our system, and the controls we maintain to ensure confidentiality, integrity, and availability.

1. Data Minimization by Design

Taimet is intentionally designed to avoid handling non-public or proprietary customer information.

• Currently, the only input provided by users is the names of the two merging companies.

• All substantive analysis is performed using publicly available data sources and data available to the public to purchase (e.g., SEC filings, investor relations portals, press releases, news articles and other public materials).

• Customers do not upload documents or provide confidential business data.

• Taimet does not process trade secrets, internal financial data, or other sensitive corporate information.

2. AI & Model Usage

Taimet uses third-party large language model (LLM) providers to generate analytical outputs.

We maintain contractual agreements with our LLM providers that:

• Prohibit retention of Taimet data beyond processing needs

• Prohibit use of Taimet data for model training

• Prohibit use of Taimet data for any purpose other than providing the service

Taimet does not use customer data to train internal models.

3. Data Retention & Deletion

Active Accounts

Taimet retains customer analysis data, company inputs, and associated metadata for as long as a customer account remains active.

Account Termination

Upon account termination:

• Customers may access and/or export their data during a 30-day retrieval period.

• Following the retrieval period, Taimet will delete customer data within 30 days.

• Certain limited records (e.g., billing records) may be retained where required for legitimate business or legal purposes.

  
  

Customers may request full account deletion at any time by contacting support@taimet.com.

See our full Data Retention Policy.

4. Infrastructure & Hosting

Taimet is hosted on:

• Google Cloud Platform (GCP) – API hosting (managed via Encore.dev)

• Vercel – Frontend application hosting

  
  

Security controls include:

• Encryption in transit (TLS 1.2+)

• Encryption at rest

• Network isolation

• Role-based access controls

• Centralized logging

• Automated infrastructure deployment

5. Access Controls

Access to production systems is strictly limited.

• Currently, only the CTO has direct production database access.

• Access is restricted to authorized personnel with a defined business need.

• All infrastructure, code repositories, and database access require multi-factor authentication (MFA).

• All production actions are logged.

• Production, staging, and development environments are fully separated.

• Production data and credentials are never copied into non-production environments.

6. Backup & Availability

To ensure system availability and resilience:

• Encrypted backups of the production database are performed daily.

• Backup restoration procedures are tested periodically.

• Infrastructure is designed for redundancy and reliability.

7. Incident Response

Taimet maintains an incident response process designed to rapidly identify, contain, investigate, and remediate security incidents.

In the event of a confirmed material security incident affecting customer data:

• We will notify affected customers within 72 hours of confirmation.

• Notifications will include known scope, impact, and remediation steps.

• We will conduct a documented post-incident review and implement corrective actions as necessary.

Security concerns may be reported to: security@taimet.com

8. Subprocessors

Taimet engages carefully selected subprocessors to operate the service.

Current subprocessors include: