Introduction
The Tau Foundation and Tau LLC are committed to protecting user data, communications, and digital freedom.
This whitepaper explains our security approach, written in plain language for everyone — from developers to everyday users.
1. Design Philosophy
- User First: Users own their data. We never sell or monetize personal data.
- Minimal Collection: We collect the minimum information needed to provide the service.
- Open Governance: Like the Linux Foundation, Tau is community-governed with independent oversight.
2. Security Layers
🔐 Encryption
- End-to-End Encryption (E2EE): All personal communications are encrypted before leaving a device.
- At Rest Encryption: Files stored on Tau servers are encrypted using AES-256.
- In Transit Encryption: TLS 1.3 protects all network traffic.
🛡 Access Control
- Zero Backdoors: No hidden access for governments or corporations.
- Role-Based Access: Staff access is limited and audited.
- User Notification: If your data is subject to a legal request, you'll be notified unless the law forbids it.
🧩 Isolation
- Each user's data is logically separated.
- Multi-tenancy risks are reduced through strict compartmentalization.
⚡ Incident Response
- 24/7 monitoring and logging.
- Breach protocols aligned with international best practices.
- Users notified of material breaches within 72 hours.
3. Independent Oversight
- The Tau Foundation oversees governance.
- External auditors review our practices yearly.
- Security improvements are made public.
4. Commitment
TauOS is built on trust.
Security is not just a feature — it is the foundation.
© 2025 Tau Foundation & Tau LLC
verify@tauos.org