Security

At TofuPilot, we prioritize the security and privacy of our customers' data.

We are committed to maintaining the highest standards of information security and compliance. This document outlines our practices and measures to ensure the confidentiality, integrity, and availability of your data.

We leverage AWS infrastructure in Europe and the United States to provide secure, scalable, and reliable cloud storage solutions. AWS is renowned for its comprehensive security measures, compliance with international standards, and robust infrastructure.

Access Control

We enforce strict access control measures to ensure that only authorized personnel can access sensitive data.

  • Role-Based Access Control (RBAC): Access permissions are granted based on job roles and responsibilities.
  • Multi-Factor Authentication (MFA): Additional layers of security to verify user identities.
  • Regular Access Reviews: Periodic reviews and audits of access rights to maintain compliance and security.

Data Encryption

To protect data both in transit and at rest, we employ advanced encryption techniques.

  • Encryption in Transit: Data is encrypted using TLS (Transport Layer Security) during transmission.
  • Encryption at Rest: Sensitive data is encrypted using industry-standard algorithms while stored in our databases.

Backup and Disaster Recovery

To ensure the safety and availability of your data, we have implemented a robust backup and disaster recovery strategy.

  • Daily Backups: We maintain complete backups of our databases for up to 3 months.
  • Replication: Backups are replicated across multiple data centers to ensure data durability and availability.
  • Disaster Recovery Objectives: We have a Recovery Point Objective (RPO) of 24 hours.

Database Security

Our database security measures are designed to protect data integrity and prevent unauthorized access.

  • Row-Level Security: Ensures users can only access specific rows of data based on their permissions.
  • Access Control: Complete isolation between databases on the same cluster to prevent cross-database access.

Authentication and Authorization

We ensure that only authorized users can access our systems and that their credentials are securely managed.

  • Secure Authentication: We use modern methods like OAuth, avoiding password storage.
  • Secure Transmission: Login credentials are always transmitted securely via HTTPS.

Network and Infrastructure Security

We implement robust measures to ensure the security and availability of our network and infrastructure.

  • DDoS Mitigation: Multi-layered protection to maintain service availability during large-scale attacks.
  • Web Application Firewall (WAF): Guards against common web exploits like SQL injection and XSS.
  • Rate Limiting and IP Blocking: Controls request frequency and blocks malicious IP addresses.
  • Automatic Failover: Reroutes traffic to the nearest region during incidents, minimizing downtime.
  • Continuous Monitoring and Audits: Regular updates and real-time monitoring to detect and mitigate vulnerabilities.

Physical Security

Our data centers are protected by robust physical security measures, including:

  • Controlled Access: Strict access controls to data center facilities.
  • Surveillance: Continuous monitoring and surveillance of data center premises.
  • Environmental Controls: Measures to protect against environmental threats such as fire, flood, and power outages.

Banking Information Security

We ensure the secure processing and storage of payment information.

  • PCI Compliance: Credit card data is securely processed by our PCI-compliant payment provider, ensuring no sensitive payment data is stored on our systems.

Data Encryption

We use advanced encryption methods to ensure the security and confidentiality of your data.

  • SSL 256-bit Encryption: Protects data in transit.
  • AES-256 Encryption: Secures data at rest, including backups.
  • SSL Certificates: 2048-bit modulus with SHA-2 certificate chains.

ISMS

We have established an Information Security Management System (ISMS) to systematically manage sensitive data, ensuring it remains secure. This system includes regular risk assessments, comprehensive policies and procedures, and ongoing improvement efforts.
