Data Protection
We take extensive measures to protect your data. All data transmitted between users and our servers is encrypted using TLS to prevent unauthorized access during transit. Sensitive data stored on our servers is encrypted at rest, following industry-standard protocols. Access to this data is tightly controlled through role-based permissions, ensuring only authorized personnel can access sensitive information.
We also adhere to a GDPR-compliant data deletion policy, ensuring that personal data is permanently removed from our servers upon user request or at the end of the data retention period. Furthermore, we maintain comprehensive audit logs to track data access and modifications for monitoring and compliance purposes.
Your sensitive business data, customer information, and proprietary datasets remain completely protected and under your control.
- We utilize multiple AI models from Anthropic and OpenAI, sharing only user prompts and application metadata, such as UI components, with the LLMs to generate responses.
- No data from your data sources or user-related data is shared outside of your self-hosted deployment.
AI Data Usage Policies
Your proprietary information, business processes, and competitive advantages remain exclusively yours and will never be used to improve AI models that could benefit your competitors.
- We do not use any user data to train or improve LLMs.
- We do not use or store your business data for AI or any other purpose.
Compliance and Certifications
We adhere to globally recognized standards for data security and compliance. ToolJet meets the requirements of the following certifications:
GDPR: ToolJet fully complies with the General Data Protection Regulation (GDPR), ensuring your personal data is processed and stored securely.
SOC 2: We undergo regular SOC 2 Type II audits to validate our commitment to maintaining high security, availability, and confidentiality standards.
ISO 27001: ToolJet follows the ISO 27001 standard for information security management, ensuring a systematic approach to managing sensitive information.
Deployment Options
While we currently utilize LLMs that are cloud products offered by companies such as Anthropic and OpenAI, the following deployment options are available:
- You can meet your organization's specific security, compliance, and data residency requirements while maintaining full control over your AI infrastructure with our self-hosted deployment option.
- You can set up a separate instance of ToolJet just for development with the AI features to keep your data air-gapped.
Incident Response
We continuously monitor our systems for suspicious activities or security incidents. In the event of a security breach, we have a detailed incident response plan in place. This plan ensures immediate action is taken to contain the breach, communicate with affected parties, and implement remediation steps to prevent future incidents.
Secure Development Practices
We adhere to globally recognized standards for data security and compliance. ToolJet meets the requirements of the certifications below.
SOC 2: We undergo regular SOC 2 Type II audits to validate our commitment to maintaining high standards in security, availability, and confidentiality.
User Responsibility
We encourage all our users to practice good security habits to enhance security further. This includes creating strong, unique passwords for ToolJet accounts and enabling two-factor authentication for added protection. Users should also keep their devices and applications updated to guard against vulnerabilities.
Full Transparency and Logging
You can have complete visibility and audit trails for compliance requirements, security monitoring, and governance oversight, giving you confidence in your AI usage.
- Complete logging of any requests sent to external LLMs and their corresponding responses.
- Full audit trails for compliance and security monitoring.
- Transparent data handling with clear visibility into all AI operations.
Privacy Policy
ToolJet takes privacy seriously. Our transparent privacy policies ensure customers understand how their data is collected, stored, and processed. We adhere to privacy regulations in all regions in which we operate.
Contact Us
If you have any questions regarding our security and compliance practices, please contact us at [email protected].