Security & Compliance

Empower Makers across your organization with the governance to instill confidence that your sensitive data and critical systems are being protected.

Data encrypted in-transit and at rest

All connections with Tonkean are encrypted using industry standard HTTPS/TLS protocols with all data fully encrypted following AES-256 standards while at rest or in-transit.

Item-level data retention policies

Define specific data retention lengths down to the field level to ensure sensitive data is only available as long as needed for each process.

Granular access controls at all levels

Tonkean is architected and engineered with in-built security. Comprehensive role-based access control (RBAC) ensures that every permission from data access through process creation are properly secured and controlled.

Tonkean Platform Audit Log of Transactions

Full audit log of transactions

Tonkean maintains non-repudiation logs capturing full records of all edits to Solutions and Enterprise Components in development and all processed transactions within test and production environments.

Secure & Flexible Deployment Options

Tonkean can be deployed on the any of the three major cloud providers including AWS, Microsoft Azure (Private Cloud only), and GCP (Private Cloud only). All deployments have a hardened operating systems installation, firewall protection, and regular system patching process.

Public Cloud

Tonkean’s public servers are stored on AWS in a multi-tenant environment. The public cloud environment will be managed by Tonkean.

Dedicated Cloud

A single-tenant cloud environment not shared with other customers. The dedicated instance will be managed by Tonkean and is hosted on AWS.

Private Cloud
Private Cloud Icon

Have Tonkean installed on your organization’s private cloud environment. This cloud environment will be privately managed by your internal IT team. For private cloud, Tonkean can be hosted on AWS, Azure, and GCP.

Enterprise-grade compliance

GDPR Ready

Tonkean adheres to the General Data Protection Regulation (GDPR). We’re here to help our customers in their efforts to comply with GDPR.

Learn more at our Terms of Service page.

Tonkean is certified by the American Institue of certified public accounts in system and organization controls

SOC 2 Type 2

Tonkean is SOC 2 Type 2 compliant and independently audited for our commitment to meeting the most rigorous security, availability, and confidentiality standards in the industry in accordance with the AICPA Trust Services Principles and Criteria.

Have other questions?

If you have a security question, please contact our support team at