Toffu AI | Trust Portal

Live monitoring by Delve

Toffu AI Compliance Report

Toffu AI is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

Ctrl+K

Compliance Certifications

We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.

Compliant

SOC 2 Type II

Audited controls for security, availability, and confidentiality trust service principles with an observation period.

Last audit: October 2025

Compliant

SOC 2 Type I

Audited controls for security, availability, and confidentiality trust service principles.

Resource Library

Access our security documentation, policies, and compliance reports.

PDF

SOC 2 Type II

Compliance report

PDF

SOC 2 Type I

Compliance report

PDF

Personnel Security Policy

Personnel Security Policy document

Updated: December 2025

PDF

Acceptable Use Policy

Acceptable Use Policy document

Updated: December 2025

PDF

Information Security Policy

Information Security Policy document

Updated: December 2025

PDF

Access Control and Termination Policy

Access Control and Termination Policy document

Updated: December 2025

Security controls

Our comprehensive security program includes controls across multiple domains to protect your data.

No security controls found.

Subprocessors directory

We carefully select and monitor all third-party services that process data on our behalf.

MongoDB

Data Stores & Warehouses

Pinecone

Data Stores & Warehouses

Mixpanel

Business Apps & Productivity

OpenAI

AI & ML Services

Render

Cloud Infrastructure & Platform Services

Sentry

Logging & Observability

Showing 6 of 9 subprocessors

Frequently Asked Questions

Find answers to common questions about our security and compliance practices.

Our Security Commitment

At Toffu AI, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.

Monitored by

Live monitoring by Delve

Toffu AI Compliance Report

Toffu AI is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

Ctrl+K

Compliance Certifications

We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.

Compliant

SOC 2 Type II

Audited controls for security, availability, and confidentiality trust service principles with an observation period.

Last audit: October 2025

Compliant

SOC 2 Type I

Audited controls for security, availability, and confidentiality trust service principles.

Resource Library

Access our security documentation, policies, and compliance reports.

PDF

SOC 2 Type II

Compliance report

PDF

SOC 2 Type I

Compliance report

PDF

Personnel Security Policy

Personnel Security Policy document

Updated: December 2025

PDF

Acceptable Use Policy

Acceptable Use Policy document

Updated: December 2025

PDF

Information Security Policy

Information Security Policy document

Updated: December 2025

PDF

Access Control and Termination Policy

Access Control and Termination Policy document

Updated: December 2025

Security controls

Our comprehensive security program includes controls across multiple domains to protect your data.

No security controls found.

Subprocessors directory

We carefully select and monitor all third-party services that process data on our behalf.

MongoDB

Data Stores & Warehouses

Pinecone

Data Stores & Warehouses

Mixpanel

Business Apps & Productivity

OpenAI

AI & ML Services

Render

Cloud Infrastructure & Platform Services

Sentry

Logging & Observability

Showing 6 of 9 subprocessors

Frequently Asked Questions

Find answers to common questions about our security and compliance practices.

Our Security Commitment

Monitored by

Compliance Certifications

SOC 2 Type II

SOC 2 Type I

Resource Library

SOC 2 Type II

SOC 2 Type I

Personnel Security Policy

Acceptable Use Policy

Information Security Policy

Access Control and Termination Policy

Security controls

Subprocessors directory

MongoDB

Pinecone

Mixpanel

OpenAI

Render

Sentry

Frequently Asked Questions

How are emergency changes handled?

How do you monitor vendor performance and compliance?

What is your approach to security patching?

How do we manage risks associated with third-party vendors?

What safeguards exist for source code changes?

What background verification is performed for new personnel?

Our Security Commitment

Compliance Certifications

SOC 2 Type II

SOC 2 Type I

Resource Library

SOC 2 Type II

SOC 2 Type I

Personnel Security Policy

Acceptable Use Policy

Information Security Policy

Access Control and Termination Policy

Security controls

Subprocessors directory

MongoDB

Pinecone

Mixpanel

OpenAI

Render

Sentry

Frequently Asked Questions

How are emergency changes handled?

How do you monitor vendor performance and compliance?

What is your approach to security patching?

How do we manage risks associated with third-party vendors?

What safeguards exist for source code changes?

What background verification is performed for new personnel?

Our Security Commitment