Contents

Data sharing & project security

Tato is proudly SOC 2 compliant. Learn more in our Trust Center.

Data sharing

Interactions are meetings, chats, emails, project management app activity, and document activity. When an interaction is processed, people are given access to it in Tato — meaning they can navigate to it and that search, chat, and other features will use its content.

People are given access either through direct assignment (they were participants) or project assignment (the interaction is tagged to a project they're on).

Participants

When you are a participant in an interaction, Tato automatically gives you access to it through direct assignment after the meeting is processed.

Project security & tagging

When a project is created, people can be granted access to it. Anyone with project access will also have access to interactions tagged to that project.

Tagging happens automatically using a series of evaluations:

  1. Participant check — reduces candidate projects to those the participants have access to
  2. Direct reference check — looks for explicit callouts to a project in keywords and content
  3. AI content check — uses AI to evaluate relevance

The participant check is always first, which means auto-tagging can never assign a project outside the scope of what participants can already access. This protects sensitive project data.

Tag review inbox

When Tato isn't confident enough to tag a meeting automatically, it queues it for human review instead of forcing an uncertain assignment.

Each item shows the meeting, suggested projects, and the reasoning — attendees, title, and matched keywords. From there you can:

  • Tag — confirm a suggested project
  • Do not tag — reject a suggestion
  • Add project — add a project that wasn't suggested
  • Dismiss — dismiss without tagging

Any tag you apply manually is treated as authoritative and bypasses automated processing.

Pending tags on upcoming meetings

Your homepage shows upcoming meetings with predicted project tags and auto-join status. You can adjust or add tags before a meeting happens.

User permissions

Team members must have an active user account to access Tato. Direct assignment from an interaction doesn't grant platform access until an admin enables the account.

Single-tenant infrastructure

Each customer gets a dedicated single-tenant instance by default. Multi-tenant and specific data residency configurations are possible — hosted on Azure with data centers worldwide.

Examples

  1. Jane is invited to a meeting with Tato. She automatically has access to it after processing.
  2. Jane has access to a Jira ticket that is updated. When synced, she has access to the ticket activity.
  3. John, Jane, and Stacey are on "ERP 2.0". John and Jane meet with Tato. After the meeting, John and Jane get direct access. Once the meeting is tagged to "ERP 2.0", Stacey gains access via the project.
  4. John is on "ERP 2.0", Gary is on "IoT for Packing". If they meet with Tato, auto-tagging skips the participant check (inconclusive — both projects are in scope). It then looks for explicit references. If none are found, the meeting is not auto-tagged and no additional access is granted.

Questions? Reach out at support@tato.co.