Security Policy

Revision Date: Aug 25, 2022

Our security policy

We take the security of the data we manage very seriously. Here are some of the steps we take to keep this data safe. As a SaaS platform provider, it is our duty to ensure that your business data is handled with the strictest safety standards. Our enterprise-grade compliance standards ensure that your data is always safe.

Data Encryption

  • Tomba applications and processes use only secured and encrypted data communication with internal and external sources. All of our sources are based on secure connectivity options, such as SSL, TLS, SSH Tunneling, and HTTPS.
  • Data is retained no longer than needed to ensure the pipelines are loaded and maintained successfully.
  • Tomba environments are hosted on Cloudflare Services, which assures their physical and virtual resources are compliant with the highest standards such as SOC 1, 2, 3, HIPAA, and GDPR.

Physical Security

We carefully chose our hosting providers. We make sure our infrastructure has full redundancy for every major system, including the power supply and internet connection. The data centers we use have surveillance teams on site 24/7, barbed-wire fencing and strict security procedures.

Software

  • A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
  • A firewall is systematically used on Tomba’s servers to prevent access from non-approved IP addresses.
  • Critical admin interfaces are protected using at least double-authentication.
  • Our software infrastructure is regularly updated using automatic update mechanisms when possible.
  • Encrypted messaging systems are available to Tomba’s employees and contractors, and used for most communications.

Debit / Credit Card Information

  • Tomba doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
  • The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.