Trust & Security
This page is maintained by the Talcho team to answer common security and privacy questions about Talcho. It describes current practices and enabled controls — it is editable app content, not an independent certification.
Access & authentication
Talcho is an authenticated application. Every workspace member signs in with email and password before any patient or lab data is loaded.
Administrators can invite and remove staff accounts. Role checks are enforced server-side, not just in the browser.
Where data lives
Talcho stores practice data in a managed Postgres database provided by our hosting platform. Application traffic uses HTTPS in transit.
Row-level security policies scope every table so that staff only see data belonging to their workspace. Background jobs and admin tools use separate, audited credentials.
Data we collect
Talcho processes the patient, treatment, and lab-case information that your practice enters or imports, plus the staff account details needed to sign in. We do not sell this data or use it to train external models.
If your practice imports data from third-party tools (for example, a lab system), that data is held under the same access controls.
Retention & deletion
Practice data is retained for as long as your workspace is active. Admins can delete staff accounts from the Admin panel; please contact us if you need a full workspace export or deletion.
Shared responsibility
Talcho secures the application and platform controls described above. Your practice is responsible for managing who has staff accounts, using strong unique passwords, and handling patient data in line with the regulations that apply to your jurisdiction.
Talcho is not a substitute for legal, regulatory, or clinical advice and makes no certification of compliance with any specific framework on this page.
Reporting a security issue
If you believe you have found a security vulnerability in Talcho, please email the practice administrator who set up your workspace, or reach out to the Talcho team through the contact details shared with your practice. Please do not post vulnerability details publicly.
Last updated: 18 June 2026. This page is editable content maintained by the Talcho team.