We place a high priority on protecting the security and privacy of your data, and we have taken the most effective steps to do so using both technical and substantive methods.
All Toolyt personnel are required to go through protection training, mainly designed for a cloud-hosted setup. An effective awareness training program addresses cybersecurity mistakes to keep the system files protected.
We conduct regular penetration tests to ensure our security posture and uncover potential vulnerabilities using the services of an independent and certified third-party VAPT service.
For third-party software and services, we examine them periodically and apply patches. As and when vulnerabilities are discovered we apply the fixes within pre-defined SLAs.
Toolyt uses a role-based access control (RBAC) system to protect data access, so users can only view data to which they have permission. Users can’t view data from organizations other than their own.
Access to production infrastructure requires multi-factor authentication and is restricted to authorized personnel only. Access to customer data is limited to those employees necessary to provide support and troubleshooting on behalf of customers.
Toolyt's infrastructure is provided by AWS and Microsoft Azure, both are secure cloud services platforms. both physical infrastructures have been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.
Toolyt's infrastructure is powered by AWS and Microsoft Azure, both of which are secure cloud services platforms. both physical infrastructures have been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.
All sensitive data is encrypted with AES at rest. All user passwords are securely hashed. Passwords are never stored in plain text.
Encryption in Transit
With 128-bit SSL/TLS encryption, all communication between you and our servers is protected. To ensure end-to-end security for data transmission and storage, we use industry-standard encryption.
The security of our system is of utmost importance to us. If you find a security issue, please contact firstname.lastname@example.org. At the earliest opportunity, we will ensure that the issue is fixed and updated.