Where and how do we store data?

We store data on Microsoft Azure servers that may be located in the US or the EU. As a customer, you can choose where you'd like to keep your data. You can also opt for on-premises storage. You can: Store data outside Toloka's infrastructure. Make use of a private cloud on the storages we use. Choose the exact region of servers. )

How do we ensure product security?

We follow a vulnerability management process that includes regular code scanning for vulnerabilities with SAST scanning by Github Advanced Security. The secure development process (SDLC) is implemented to identify vulnerabilities at the design and development stage of the service. All our engineers complete secure code development training annually. )

How do we protect your data?

We run our service on the Microsoft Azure platform, which provides industry-leading security and availability solutions. To ensure data security, we also use solutions provided by Microsoft Azure for data protection. All data on Toloka’s servers is encrypted using Azure's Encryption at Rest feature with the AES256 encryption algorithm. Data in transit is encrypted using TLS 1.2. We perform a backup of your data with geo redundancy. We guarantee the deletion of data upon your request or when the contract ends. )

How do we ensure communication security?

All communications including APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. )

Security

Our platform is designed to prioritize security and backed by a dedicated
team of experts who are always working to ensure your data is protected.

Security by design

Your data is one of your most valuable assets, and our job is to keep it safe.
At Toloka, data security is at the center of everything we do — from the platform
architecture to our comprehensive security management and monitoring system.

Core principles: how we ensure your data is protected

Secure software development lifecycle

Guided by security principles, we include security reviews in our development processes to reduce vulnerability risk.

Monitoring and incident response

To make sure our platform is always secure, we use monitoring and event correlation systems for rapid alerts to service owners.

Vulnerability scanning

Automated security tools continuously scan our platform and code to ensure that there are no exploitable vulnerabilities.

Traffic management

Thanks to traffic management Toloka is able to automatically block malicious traffic and ensure platform security and reliability.

Penetration testing

Regular penetration tests are conducted by industry-leading cybersecurity companies to identify application vulnerabilities.

Encryption

All data entrusted to us is stored using Azure Encryption, and we encrypt data in transit using TLS 1.2 for end-to-end security.

Security management system

Our management system integrates all security efforts and provides evaluation tools for getting insights for improvement.

Frequently asked questions

We store data on Microsoft Azure servers that may be located in the US or the EU. As a customer, you can choose where you'd like to keep your data. You can also opt for on-premises storage.You can:
- Store data outside Toloka's infrastructure.
- Make use of a private cloud on the storages we use.
- Choose the exact region of servers.
- We follow a vulnerability management process that includes regular code scanning for vulnerabilities with SAST scanning by Github Advanced Security.
- The secure development process (SDLC) is implemented to identify vulnerabilities at the design and development stage of the service.
- All our engineers complete secure code development training annually.

We run our service on the Microsoft Azure platform, which provides industry-leading security and availability solutions. To ensure data security, we also use solutions provided by Microsoft Azure for data protection.
- All data on Toloka’s servers is encrypted using Azure's Encryption at Rest feature with the AES256 encryption algorithm.
- Data in transit is encrypted using TLS 1.2.
- We perform a backup of your data with geo redundancy.
- We guarantee the deletion of data upon your request or when the contract ends.
All communications including APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks.

Take advantage
of Toloka technologies

Talk to our AI expert