Compliance Certifications
We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.
In ObservationSOC 2 Type II
Audited controls for security, availability, and confidentiality trust service principles with an observation period.
CompliantSOC 2 Type I
Audited controls for security, availability, and confidentiality trust service principles.
Resource Library
Access our security documentation, policies, and compliance reports.
SOC 2 Type I
Compliance report
Risk Assessment and Treatment Policy
Policy document
Personnel Security Policy
Policy document
Vendor Management Policy
Policy document
Network Security Policy
Policy document
Baseline Hardening Policy
Policy document
Security controls
Our comprehensive security program includes controls across multiple domains to protect your data.
Access Control & Authorization
Data Protection & Privacy
Governance & Oversight
IT & Operational Security
Risk & Compliance Management
Security & Incident Management
Access Control & Authorization
Data Protection & Privacy
Governance & Oversight
IT & Operational Security
Risk & Compliance Management
Security & Incident Management
Access Control & Authorization
Data Protection & Privacy
Governance & Oversight
IT & Operational Security
Risk & Compliance Management
Security & Incident Management
Subprocessors directory
We carefully select and monitor all third-party services that process data on our behalf.
Sentry
Application Performance Monitoring
PostHog
Analytics & Insights
MongoDB
Database Services
Slack
Messaging Services
OpenAI
AI & Machine Learning
Mixpanel
Analytics & Insights
Frequently Asked Questions
Find answers to common questions about our security and compliance practices.
Our Security Commitment
At Toffu AI, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies.
We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.
