Security & Trust

Our architecture prioritizes the protection of your data. Leveraging Digital Ocean, a leading cloud service provider, we ensure a highly resilient infrastructure that safeguards your information. With role-based access controls, two-factor authentication, and end-to-end audit trails, we guarantee that access is tightly regulated and aligned with security protocols.Encryption is paramount in our data protection strategy. Utilizing SHA-256-bit encryption with RSA for data at rest, and FIPS 140-2 compliant TLS encryption for data in transit, we maintain the integrity and confidentiality of your data at all times.

Our approach to data security is built on the principles of secure design and data isolation. Adhering to secure coding guidelines and OWASP standards, we mitigate threats such as SQL injection and Cross-Site Scripting attacks.Data isolation protocols ensure that each customer's data remains logically separated, preserving confidentiality and integrity. Encryption protocols, both in transit and at rest, guarantee the confidentiality of data transmission and storage, providing peace of mind to our customers.At Togile, we retain your data only for the duration of your usage of our services. Upon trial expiry or subscription cancellation, your data is securely deleted from our servers within 30 days. We retain minimal data, such as leads and deal entries, for user and compliance purposes.

Product security is fundamental to our development process. Our Product Roadmap is regularly reviewed to prioritize security fixes, ensuring that security enhancements are integrated at the earliest opportunity. With a DevOps Squad comprising multidisciplinary members, including Product Owners and Quality Assurance experts, we ensure that security is embedded throughout the development lifecycle.Code Review processes, stringent testing protocols, and version control mechanisms guarantee the integrity and security of our codebase. By adhering to secure coding guidelines and conducting thorough code reviews, we minimize vulnerabilities and ensure the robustness of our products.

We employ stringent physical security measures to protect our premises and data centers. Access controls, CCTV surveillance, and monitoring mechanisms guarantee the integrity and confidentiality of our physical assets. Our data centers, located in secure facilities, are equipped with redundant power and cooling systems to ensure uninterrupted service delivery.

Togile's dedicated VPCs are hosted within MongoDB Data Cloud's secure infrastructure. Access to Google's data center floor is strictly regulated, with multi-factor access control implemented using security badges and biometrics. Google's data center physical security features a layered model, including electronic access cards, alarms, perimeter fencing, and biometric authentication, ensuring comprehensive protection.

Employee Background Checks and ongoing Security Awareness initiatives underscore our commitment to maintaining a secure workforce. With dedicated security and privacy teams, we continuously monitor and manage our security programs, providing specialized expertise and guidance to our engineering teams.Internal Audit and Compliance processes ensure adherence to standards and facilitate independent assessments by third parties, ensuring transparency and accountability in our security practices.

Our load balancers and auto-scaling of service nodes ensure continuous and secure access to services globally, optimizing performance and reliability.

Client databases are replicated across multiple availability zones in near real-time. Nightly backups are taken for each customer's data, encrypted, and stored within Google Cloud buckets. In the event of data recovery requests within the retention period, we promptly restore data with secure access, depending on data size and complexity.

Togile maintains an in-house Incident Response (IR) program to detect and respond to security incidents promptly. Our security team guides employees on reporting suspicious activity, ensuring timely incident response, risk assessment, and communication with stakeholders to mitigate risks effectively.

We enlist reputable external agencies to conduct comprehensive background checks for every new hire. This process meticulously verifies criminal records and previous employment history. Until clearance is obtained, employees are not assigned any tasks or granted access to information that could jeopardize the safety of our customers or team.

Each employee undergoes rigorous training in information security, privacy, and compliance. They are also educated on incident response protocols and effective communication methods. Additional security training may be provided based on their role, including configuring and managing client services or cloud environments.Internal events and quizzes are hosted to ensure employees stay abreast of industry requirements, keeping their knowledge up-to-date.

We boast a dedicated security team tasked with fortifying the company's infrastructure and applications against potential threats. They conduct regular upgrades to mitigate security risks and provide specialized training to developers and consulting teams, emphasizing adherence to secure coding practices and protocols.

All workstations are configured to encrypt data at rest, ensuring data integrity. Removable media sources are strictly prohibited within our office premises. Additionally, two-factor authentication is enforced across all applications and access points. Employees are required to maintain strong passwords and update them regularly to enhance security measures.