GDPR Ready

Tonkean adheres to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.

Learn more at our Terms of Service page.


Service Organization Control (SOC) 2

Ernst & Young conducted a SOC 2 audit on Tonkean, providing a report following the audit.

The SOC 2 Report demonstrates Tonkean’s commitment to meeting the most rigorous security, availability and confidentiality standards in the industry. It verifies that Tonkean’s security controls are in accordance with the AICPA Trust Services Principles and Criteria.

Tonkean’s SOC 2 Report is available upon request.


Servers security

  • Our Public Cloud servers are hosted on Amazon AWS. For our Private Clouds (Enterprise tier only), the customer can choose between the 3 major cloud providers: AWS, Microsoft Azure, and Google GCP. For more information on each cloud, see AWS Security Information, Azure Security Information, and GCP Security Information.
  • All have a hardened operating systems installation.
  • A Firewall to prohibit unauthorized system access.
  • A regular system patching processes to provide ongoing protection from exploits.

Payment information security

  • Tonkean does not receive or store any payment information. We use Stripe as a third-party provider to process all payments. Stripe is a company dedicated to this task, and is certified to “PCI Service Provider Level 1”. This is the most stringent level of certification available.
  • See Stripe Security Information

Data security

  • All the network interactions with Tonkean are encrypted using HTTPS for all access points.
  • All user-sensitive data is kept encrypted in our database. This includes:
    • Authorization tokens
    • Passwords

Have other questions?

If you have a security question please contact our support team at If you believe you have found a security vulnerability within Tonkean, please submit your report to