Security
Our platform is designed to prioritize security and backed by a dedicated team of experts who are always working to ensure your data is protected.
Core security principles
How we ensure your data is protected.
Secure software
development lifecycle
Guided by security principles, we include security reviews in our development processes to reduce vulnerability risk.
Monitoring and
incident response
To make sure our platform is always secure, we use monitoring and event correlation systems for rapid alerts to service owners.
Automated security tools continuously scan our platform and code to ensure that there are no exploitable vulnerabilities.
Traffic management
Thanks to traffic management Toloka is able to automatically block malicious traffic and ensure platform security and reliability.
Penetration testing
Regular penetration tests are conducted by industry-leading cybersecurity companies to identify application vulnerabilities.
Encryption
All data entrusted to us is stored using Azure Encryption, and we encrypt data in transit using TLS 1.2 for end-to-end security.
Security management system
Our management system integrates all security efforts and provides evaluation tools for getting insights for improvement.
Security by design
Data security is at the center of everything we do — from the platform architecture to our security management.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg"><path d="M 12.5 15.5 L 0 15.5 L 0 12.5 L 12.5 12.5 L 12.5 0 L 15.5 0 L 15.5 12.5 L 28 12.5 L 28 15.5 L 15.5 15.5 L 15.5 28 L 12.5 28 Z" fill="rgb(0, 0, 0)" height="28px" id="v_HNFUCmW" transform="translate(10 10)" width="28px"/></svg>)
Where and how do we store data?
We store data on Microsoft Azure servers that may be located in the US or the EU. As a customer, you can choose where you'd like to keep your data. You can also opt for on-premises storage. You can:
Store data outside Toloka's infrastructure.
Make use of a private cloud on the storages we use.
Choose the exact region of servers.
How do we protect your data?
We run our service on the Microsoft Azure platform, which provides industry-leading security and availability solutions. To ensure data security, we also use solutions provided by Microsoft Azure for data protection.
All data on Toloka’s servers is encrypted using Azure's Encryption at Rest feature with the AES256 encryption algorithm.
Data in transit is encrypted using TLS 1.2.
We perform a backup of your data with geo redundancy.
We guarantee the deletion of data upon your request or when the contract ends.
How do we ensure product security?
We follow a vulnerability management process that includes regular code scanning for vulnerabilities with SAST scanning by Github Advanced Security.
The secure development process (SDLC) is implemented to identify vulnerabilities at the design and development stage of the service.
All our engineers complete secure code development training annually.
How do we ensure communication security?
Please see section 3 of our Privacy Notice where the categories of data are listed.