Tossend
Sign In

Security

We take security seriously. Learn about our security practices, compliance certifications, and how we protect your data.

Bank-grade encryption
TLS 1.3
99.9% uptime SLA
GDPR compliant

Security Features

Encryption at Rest & Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys and sensitive credentials are stored using industry-standard encryption.

API Key Security

Secure API key management with scoped permissions, automatic rotation options, and instant revocation capabilities.

Access Control

Role-based access control (RBAC) for team members. Audit logs track all account activities and API usage.

Infrastructure Security

Hosted on reliable cloud infrastructure with DDoS protection, WAF, and regular security patches.

Regional Data Processing

Email processing in Southeast Asia region with data residency options for compliance requirements.

Security Audits

Regular penetration testing and security audits by third-party security firms. Vulnerability disclosure program available.

Compliance

GDPR

EU General Data Protection Regulation compliant

Compliant

CCPA

California Consumer Privacy Act compliant

Compliant

SOC 2 Type II

Service Organization Control certification

In Progress

ISO 27001

Information Security Management System

Planned

Security Practices

All employees undergo security awareness training
Principle of least privilege for all system access
Multi-factor authentication required for all accounts
Regular backup and disaster recovery testing
24/7 security monitoring and incident response
Secure software development lifecycle (SDLC)
Vendor security assessments for third parties
Data retention and deletion policies

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team.

For security reports, please email security@tossend.com. We aim to respond within 24 hours.