<img src="https://ws.zoominfo.com/pixel/UFH1H1ydGvMVOr12BP8x" width="1" height="1" style="display: none;">
Request a Demo

Your data is safe with us!

Torii's applications and services are designed with security in mind. Clear procedures and automated controls ensure your data remains protected while you stay in control.

Industry proven, we are certified by SOC 2 Type II and comply with GDPR, the EU-U.S. and the Swiss-U.S.Privacy Shield Frameworks.

We proactively meet each of our compliance obligations while helping your organization achieve compliance as well.

We’ve got the compliance certifications to prove it

Torii's security model and controls are based on international protocols and standards and adhere to industry best practice.

Request a Demo
security
soc2_logo-15f206efe8f4d3fc9780a97f02a8e169

SOC 2 Type II

Torii is SOC 2 Type II certified, confirming that the product and services Torii provides are mature, robust, and secure, and that we are actively creating an organization that supports these goals.
It also means that our software development processes and practices meet required levels of oversight and monitoring, so that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed.

privacyshield_logowithborder-80e743593b2bae85ed0b9f8b4474ec8a

Privacy Shield

Torii is certified and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce in regard to the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

gdprCompliance_logo-7e7046a4e1d069d06ed6e4cfbdb4a380

GDPR

With customers in nearly every country around the world, we adhere to the General Data Protection Regulation (GDPR) expanding the privacy rights granted to European individuals.
We proactively look at and constantly improve processes related to personal data privacy protection in compliance with legal and contractual obligations for GDPR compliance.

If you have a security question please contact our Security Team

A SaaS Management Platform that
is Secured by Design

Application Security

Encryption

All data is encrypted both in transit and at rest. Database instances, including read replicas and backups are encrypted using the industry standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit. Our databases are hosted on Amazon cloud infrastructure, using Multi-AZ deployment for enhanced availability and durability. Only secure (HTTPS) access to Torii website and app is allowed. Non-secure HTTP requests are first redirected for the HTTPS endpoint before they can be served.

Role Based Access Control (RBAC)

Torii is built as a single page application, with a REST API backend server. Several scopes exist to restrict the API access in these level: anonymous, user-scope, organization scope. Each user is identified with a unique session, stored in a secure, HTTPS only, session cookie. The user scope is set in the database. Each request to the API server is first checked for the right scope in order to validate that a user is allowed to invoke the API. All API requests are scoped to the minimal required permission.

encryption

Authentication

User Authentication and Passwords

Torii authenticates all users with a unique ID and password. All Torii user passwords are encrypted and salted using Bcrypt. Access to Torii restricted API resources are always authenticated.

SAML & MFA Authentication

Torii supports SAML 2.0 authentication, allowing customers to implement Single Sign-On (SSO) with their own access policies, including whitelisting and multi-factor authentication (MFA). Customers may also integrate user authentication with their own policy store (E.g. Active Directory).

authentication

Infrastructure Security

Cloud Computing Services

Torii leverages Amazon Web Services for hosting and compute power. Amazon maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.

Backups

To maintain a robust disaster recovery strategy, Torii leverages Amazon Aurora automated backups which allows us secure backups as well as quick recovery. We test our backup recovery regularly.

cloud