Privacy and security are paramount to earning and keeping the trust of our users, so we hold ourselves to rigorous standards.

Network and system security

When you visit the Toolkit website, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. Data at rest is secured with several months of rolling versioned backups at an offsite location managed by an enterprise level backup supplier who also have their own redundancies in place. Data in transit is secured over 256-bit Secure Sockets Layer encryption.

Service reliability and durability

Toolkit servers are located in the US, in Tier IV data centers that offer 99.99% uptime guarantees. These data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. Toolkit does not make any explicit uptime guarantees, but does strive to provide a world-class online product.

Product security

The system is protected with multiple layers of server-side and client-side security. This includes enterprise-grade WAF (Website Application Firewalls), DDoS protection, Browser Integrity Checks, OWASP ModSecurity, network monitoring tools, and more. We regularly install security updates and patches to keep servers up to date.

Toolkit maintains strong password policies, and separate production and testing environments.

Data privacy and portability

Your data is yours. Toolkit does not sell or rent any customer information or information provided to the service. For more information, please review our Privacy Policy.

Toolkit adheres to the Health Insurance Portability and Accountability Act (HIPPA) and General Data Protection Regulation (GDPR). Privacy and security are fundamental components around which the software is developed.

At any time, you may export data from Toolkit to CSV files.

How to report an issue

If you believe you've discovered a security-related issue, please report the issue at [email protected].