
Compliance and Commitments

GDPR: Compliant.

We align our data handling, user rights, and vendor management with the GDPR framework, including data subject rights, lawful bases, and records of processing activities.

SOC 2 Type II: On our roadmap.

We are formalizing controls and evidence collection toward SOC 2 Type II and will share progress updates as milestones are reached.

Data Processing Agreement (DPA):

Available upon request for customers who need contractual assurances aligned to GDPR.

Data Protection

  • Encryption in transit: All data transmitted between clients and our services is protected by TLS (HTTPS).
  • Encryption at rest: Customer data stored by Toolbar is encrypted using strong, modern ciphers.
  • Secrets management: Application and infrastructure secrets are stored securely and rotated on a defined schedule.
  • Backups and resilience: Regular backups and recovery testing ensure continuity and help minimize downtime and data loss.

Secure Development

  • SDLC: Security requirements are integrated into design, development, code review, and release processes.
  • Dependency hygiene: We scan third-party libraries for known vulnerabilities and update proactively.
  • Testing: Automated tests and security checks run in CI to catch regressions early.
  • Change management: All production changes are tracked and reviewed before deployment.

FAQs

Your data is hosted in reputable, tier‑1 cloud regions with strong physical, network, and operational controls. Specific regions and residency options are available upon request.
We apply network-level protections, behavioral monitoring, and log analysis to detect anomalies and potential threats.
We conduct ongoing vulnerability scanning and schedule independent assessments at key release and compliance milestones.
Not currently. We welcome responsible disclosure reports and respond promptly to all submissions.
Reach our security team at your designated support channel or your account representative.
contact@usetool.bar