Skip to main content
This is an Enterprise plan feature. The Enterprise plan adds the security, organization management, and integrations your company needs on top of everything in the Team plan. You can unify login with your corporate identity provider, govern several workspaces from one place, and connect Tiro to your internal systems. See what’s possible at a glance below, then follow each link for the details. Enterprise is a consultation-based plan. We review your organization’s requirements and design the setup with you, so contact us when you see a capability you need.

Unify login with your corporate accounts

SAML 2.0 single sign-on connects Tiro to your corporate identity system. Connect an IdP like Okta, Azure AD (Microsoft Entra ID), or Google Workspace, and your people sign in to Tiro with one company account.
  • SSO (SAML 2.0): Sign in with a company account, with access kept in sync with your IdP policies. You can also enforce SSO-only login and block other sign-in methods.
  • SCIM provisioning: Sync users automatically with your IdP. When someone joins or leaves, their Tiro account is created or cleaned up automatically.
  • MFA (multi-factor authentication): Strengthen account security with OTPs, authenticator apps, or hardware keys.
For setup and closed-network support, see Organization security settings.

Control access

Restrict who connects, from where, and on which device, to match your organization’s policies.
  • IP allowlist: Allow access only from approved IP ranges, so only office or VPN traffic gets through.
  • Session and device controls: Set session lifetime, concurrent session limits, and device registration limits as policy.
  • Mobile screen capture protection: Block screenshots inside the mobile app and log every attempt.

Protect sharing and personal information

Keep notes from leaving your organization by governing share scope and personal data with policy.
  • External sharing controls: Open sharing only to approved company domains, and set caps on share scope and link lifetime. Revoke active links from one place. For details, see Share link security.
  • PII masking: Automatically hide sensitive identifiers like national IDs, phone numbers, and account numbers in new notes. This option fits environments where personal data comes up often, such as call centers.

Manage multiple workspaces in one place

Govern policy from one place even when your organization is split across several workspaces.
  • Usage dashboard: See usage across the organization and by team at a glance.
  • Bulk policy: Apply settings like data retention windows, external sharing domains, and session lifetime across the whole organization. You don’t have to touch each workspace one by one.
For roles and permissions within the organization, see Roles and permissions.

Handle data to meet your compliance needs

Configure how data is stored, retained, and deleted to match your organization’s compliance requirements.
  • Data retention policy: Set retention windows by domain (for example, 90, 180, or 365 days), with automatic deletion when the window closes.
  • Complete deletion and erasure receipts: On account closure or a deletion request, data is removed irreversibly, and the request through completion is logged as a JSON or PDF receipt.
  • Audit logs: Keep user and admin activity logs (with configurable retention) and integrate directly with your security monitoring through CSV/JSON export or a SIEM (Splunk, Datadog, Sumo Logic, Elastic, and others).
  • Vendor routing allowlist: Choose which LLM and STT vendors are available, and configure rules like Korea-only routing to meet data sovereignty requirements.
  • Dedicated cloud: Discuss a physically isolated, dedicated environment and additional security options.
Baseline data storage and security (storage in the AWS Seoul region, encryption at rest, no use of your data for AI training) are the same on every plan. See Privacy and security.

Connect to your internal systems

Connect Tiro to your internal workflows with integration options.
  • Dedicated API and webhooks: Pull note, transcript, and summary data into your internal systems, or build a custom integration that fits your organization’s requirements.
  • Shared login domain: Run login through a shared corporate domain.
To build an integration yourself, see API overview, MCP overview, and Webhooks overview.

Onboarding and support

  • Custom onboarding and a hotline: Get custom onboarding sessions through a dedicated hotline, with fast responses to security-related requests.
  • Service level agreement (SLA): A monthly 99.9% availability target, with service credits if it isn’t met.

Frequently asked questions

How do I start on the Enterprise plan?

Enterprise isn’t a plan you subscribe to with a card. It’s consultation-based. Reach out through the contact form or partners@theplato.io, and our sales team reviews your organization’s security and operations requirements and designs the setup with you.

How is the Team plan different from the Enterprise plan?

The Team plan is a self-service plan you subscribe to directly with a card, while Enterprise is a consultation-based plan for organizations that need SSO, security policies, and custom integrations. For a plan comparison, see Tiro plans.

Do I have to turn on every security feature?

No. You can pick only the features you need. During onboarding, we review your organization’s requirements and configure only the options you want.

Can I get security review materials?

Yes. Tiro holds ISO/IEC 27001:2022 certification and has completed a SOC 2 Type 1 audit. Security review materials such as audit reports, data locations, and the subprocessor list are provided after an NDA. Check the current certification status in the Trust Center, or contact our sales team.
Related pages: Organization security settings · Share link security · Tiro plans · Privacy and security