Investor diligence
Trust is part of the product, not an afterthought.
TALLO handles candidate data, employer intent and commercial hiring events. The product must therefore be built around consent, restricted visibility, moderation and auditability.
Prototype controls are live
Candidate consent, anonymous browse, admin approval, active/inactive visibility and audit events are already part of the workflow.
Privacy-by-design
Employer browse does not expose candidate names, emails, phone numbers or exact addresses.
Moderation gate
Candidate profiles only become visible to employers after admin review and approval.
Audit evidence
Important platform events are timestamped for later review, disputes and investor due diligence.
Hardening still required
What must be completed before public launch
Legal: POPIA review, final privacy policy, final terms, candidate consent wording and employer agreement.
Security: penetration test, role-access review, session hardening, rate limits, error handling and secrets review.
Data governance: retention policy, deletion workflow, export workflow and admin access rules.
Commercial controls: fee trigger rules, payment workflow, refund/credit process and employer declaration logs.
Current safe use
Closed pilot with trusted candidates and employers. No sensitive documents should be uploaded at this stage.
Not yet ready for
Open public launch, enterprise procurement, large-scale candidate data intake or paid commercial roll-out without further legal and security work.