Privacy and security are paramount to earning and keeping the trust of our users, so we hold ourselves to rigorous standards.
When you visit the Toolkit website, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. Data at rest is secured with several months of rolling versioned backups at an offsite location managed by an enterprise level backup supplier who also have their own redundancies in place. Data in transit is secured over 256-bit Secure Sockets Layer encryption.
Toolkit servers are located in the US, in Tier IV data centers that offer 99.99% uptime guarantees. These data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. Toolkit does not make any explicit uptime guarantees, but does strive to provide a world-class online product.
The system is protected with multiple layers of server-side and client-side security. This includes enterprise-grade WAF (Website Application Firewalls), DDoS protection, Browser Integrity Checks, OWASP ModSecurity, network monitoring tools, and more. We regularly install security updates and patches to keep servers up to date.
Toolkit maintains strong password policies, and separate production and testing environments.
Toolkit adheres to the Health Insurance Portability and Accountability Act (HIPPA) and General Data Protection Regulation (GDPR). Privacy and security are fundamental components around which the software is developed.
At any time, you may export data from Toolkit to CSV files.
If you believe you've discovered a security-related issue, please report the issue at [email protected].