Here at Tonic.ai, we utilize the principle of least privilege to protect data. Tonic.ai employees will never access your customer data—and the Tonic platform doesn’t store that data either. Rest assured we take security seriously.
We use least privilege when connecting to customers’ environments, scoped to only what’s needed to satisfy the control.
Tonic.ai restricts employee access using the principle of least privilege, ensuring that employees only have access to what they need to perform their specific roles.
Tonic.ai uses an independent auditor to maintain a SOC 2 report, ensuring adherence to industry standards for security and privacy.
3rd party pen testing
Tonic.ai completes annual third-party static code analysis and manual penetration tests by a qualified assessor.
Manual and automated testing
Tonic.ai uses a combination of manual testing, automatic unit and integration tests, and security scanning as part of every release.
Tonic.ai uses multiple logging and monitoring tools to ensure that the software we build and deploy is free of defects and configured securely.
Security & Risk Management Team
Tonic.ai employs staff with industry knowledge and experience in secure infrastructure, application management, risk, and operations.
Tonic.ai uses centrally managed endpoint management solutions to ensure that all employee and BYOD devices are configured securely, receive proper updates, and remain compliant with Tonic requirements while in use.
Annual security training
Our annual security training covers security hygiene, phishing, data protection, new threats that employees may encounter, and general best practices.
Reporting security issues
If you believe you’ve found something in a Tonic.ai product that has security implications, please email your findings to firstname.lastname@example.org. If you would like to report these over a secure channel, please send us an email, and we can provide a PGP key or other secure form of communication.
For more information about our security processes, please reach out to email@example.com.