Security
Our platform is designed to prioritize security and backed by a dedicated
team of experts who are always working to ensure your data is protected.
Security by design
Your data is one of your most valuable assets, and our job is to keep it safe.
At Toloka, data security is at the center of everything we do — from the platform
architecture to our comprehensive security management and monitoring system.
Core principles: how we ensure your data is protected
Secure software development lifecycle
Guided by security principles, we include security reviews in our development processes to reduce vulnerability risk.
Monitoring and incident response
To make sure our platform is always secure, we use monitoring and event correlation systems for rapid alerts to service owners.
Vulnerability scanning
Automated security tools continuously scan our platform and code to ensure that there are no exploitable vulnerabilities.
Traffic management
Thanks to traffic management Toloka is able to automatically block malicious traffic and ensure platform security and reliability.
Penetration testing
Regular penetration tests are conducted by industry-leading cybersecurity companies to identify application vulnerabilities.
Encryption
All data entrusted to us is stored using Azure Encryption, and we encrypt data in transit using TLS 1.2 for end-to-end security.
Security management system
Our management system integrates all security efforts and provides evaluation tools for getting insights for improvement.
Frequently asked questions
- We store data on Microsoft Azure servers that may be located in the US or the EU. As a customer, you can choose where you'd like to keep your data. You can also opt for on-premises storage.You can:
- Store data outside Toloka's infrastructure.
- Make use of a private cloud on the storages we use.
- Choose the exact region of servers.
- We follow a vulnerability management process that includes regular code scanning for vulnerabilities with SAST scanning by Github Advanced Security.
- The secure development process (SDLC) is implemented to identify vulnerabilities at the design and development stage of the service.
- All our engineers complete secure code development training annually.
- We run our service on the Microsoft Azure platform, which provides industry-leading security and availability solutions. To ensure data security, we also use solutions provided by Microsoft Azure for data protection.
- All data on Toloka’s servers is encrypted using Azure's Encryption at Rest feature with the AES256 encryption algorithm.
- Data in transit is encrypted using TLS 1.2.
- We perform a backup of your data with geo redundancy.
- We guarantee the deletion of data upon your request or when the contract ends.
- All communications including APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks.
Take advantage
of Toloka technologies