Standards
We are dedicated to best practices in information security to meet and exceed industry standards.
ISO 27001
Toloka implements an information security management system (ISMS) that was audited by the British Standards Institution (BSI) and certified in compliance with the ISO/IEC 27001 standard. The international standard provides a framework for information risk management to guarantee confidentiality, integrity and availability of data.
GDPR
The Toloka platform strives to comply with key requirements of the General Data Protection Regulation (GDPR). We prioritize the privacy of our users and make every effort to protect personal data by following established internal processes.
Approach
We take security seriously, from designing the architecture of our platform to protecting the rights of our users.
Commitment to data security
We use a secure software development lifecycle process that includes: Security review of the platform architecture and design
Manual security testing (white box penetration testing) Regular codebase scanning using several SAST tools Continuous DAST scanning Automatic security checks on third-party components with known vulnerabilities Continuous security analysis of images used in cloud platforms Continuous scanning of the codebase, configurations, and specifications for secrets (tokens, passwords, private keys, and so on) Security Development Lifecycle (SDL) applied to all stages of platform development
Anonymity
We reserve the right of our users to remain anonymous and not share their personal information.
Customers may choose to upload tasks under their real brand name or use a nickname.
Performers’ real names are not shown on the platform when they are completing tasks.
Data storage
We take full responsibility for the privacy of our users’ data. Our multi-tenant storage architecture is convenient for our customers and complies with local laws.
Customers have 3 options for storing datasets:
Default data storage
By default, we host customer data in a Microsoft Azure cloud split into multi-tenant tiers based on location (US customer data is stored in the US, while EU customer data is stored in the EU).
Dedicated storage
A dedicated and isolated single-tenant cluster of storages is available by request for large customers based on their geography.
On-premise data storage
The Toloka API allows the customer to host data in their own cloud or on their own premises.
Legal
Toloka is a public crowd platform where customers can have data of any type labeled.
The purpose of the platform is to create efficient labeling pipelines for artificial intelligence and machine learning projects and to provide convenient tools for handling data.
Customers sign standard service agreements or individual agreements approved by our Legal department. Performers sign agreements for data labeling services.