Security you can trust

Here at Tonic.ai, we utilize the principle of least privilege to protect data. Tonic.ai employees will never access your customer data—and the Tonic platform doesn’t store that data either.

Rest assured that we take security seriously.

Our security controls include the following.

Secure by design

When we connect to customers' environments, we use least privilege, with access scoped only to what is needed to satisfy the control.

Access management

To restrict employee access, Tonic.ai uses the principle of least privilege, to ensure that employees have access only to what they need to perform their specific roles.

External validation

Tonic.ai uses an independent auditor to maintain a SOC 2 report, to ensure adherence to industry standards for security and privacy.

3rd-party pen testing

Tonic.ai engages a qualified assessor to complete an annual third-party static code analysis and manual penetration tests.

Manual and automated testing

As part of every release, Tonic.ai uses a combination of:

• Manual testing

• Automatic unit and integration tests

• Security scanning

Monitoring

Tonic.ai uses multiple logging and monitoring tools to ensure that the software we build and deploy is:

• Free of defects

• Configured securely

Security and risk management team

Tonic.ai employs staff who have industry knowledge and experience in:

• Secure infrastructure

• Application management

• Risk

• Operations

Device management

Tonic.ai uses centrally managed endpoint management solutions to ensure that all employee and BYOD devices:

• Are configured securely

• Receive proper updates

• Remain compliant with Tonic.ai requirements while in use

Annual security training

Our annual security training covers:

• Security hygiene

• Phishing

• Data protection

• New threats that employees might encounter

• General best practices