Dedicated to ensuring unparalleled security standards in the world of payroll processing.
Tofu is proud to be ISO/IEC 27001 certified, demonstrating our commitment to maintaining the highest standards of information security management. This certification assures our customers that their data is protected and secure.
Tofu has undergone SSAE 18 SOC 2 Type 2 attestation to validate our security, availability, and confidentiality controls. The attestation report is available for our customers to download upon request.
At Tofu, we prioritize the privacy and data rights of our users. We adhere to the principles of the General Data Protection Regulation (GDPR) to ensure that personal data is processed lawfully, fairly, and transparently. Our privacy practices are designed to give users control over their data and protect their privacy.
Tofu complies with the California Consumer Privacy Act (CCPA) to protect the privacy rights of California residents. We are committed to providing transparency about the collection, use, and sharing of personal information and giving users control over their data.
Our platform incorporates cutting-edge security features designed to safeguard your information.
The Tofu application is securely hosted on Google Cloud Platform (GCP), leveraging its robust infrastructure and security features. GCP maintains various certifications and compliance measures, including ISO/IEC 27001, PCI DSS Level 1, FISMA Moderate, FedRAMP, HIPAA, SOC 1 (formerly referred to as SAS 70 and/or SSAE 16), and SOC 2 audit reports. These certifications and audits demonstrate GCP's commitment to ensuring the security, confidentiality, and availability of our infrastructure, providing customers with confidence in the reliability of the Tofu platform.
Tofu conducts annual penetration tests and security assessments to identify and mitigate potential vulnerabilities in our systems. By proactively assessing our security posture, we ensure that our platform remains resilient against evolving threats and attacks.
Security is integrated into every aspect of the Tofu application's development lifecycle. We employ industry best practices and security controls to safeguard against common vulnerabilities such as injection attacks, cross-site scripting (XSS), and security misconfigurations.
Access control mechanisms are in place to regulate access to the Tofu platform. User authentication and authorization processes ensure that only authorized individuals can log in and access sensitive data and functionalities. Our access control measures help prevent unauthorized access and protect the confidentiality of user information.