ToolJet/docs/versioned_docs/version-3.0.0-LTS/security/compliance.md
Pratik Agrawal 1ba4a2ed88
[docs]: Platform Revamp (#11585)
* Initial Structure Setup

* Add SMTP Configuration Content

* Add ToolJet Plan Content

* Update ToolJet Plan Docs

* Update SMTP Configuration

* Add Organization Overview

* Update SMTP Config

* add licensing structure

* revert AppCard.jsx

* revert AppCard.jsx

* Revert AppMenu.jsx

* Revert Folders.jsx

* Revert ManageGroupPermissionResources.jsx

* revert mixins.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* add: white label doc

* Update overview

* add: instances and workspaces

* revert AppCard.jsx

* revert changes from EditVersionModal.jsx

* Revert Changes

* Delete Extra File

* fix: comments

* update interlink

* fix: multiple instance content

* tj deployment beta

* update tj deployment beta

* Update Email Server Beta

* Update Overview

* update setup email communication

* Update Licensing

* Update overview and self hosted docs

* Update self hosted beta

* Update Licensing

* minor improvements

* update link

* Update folder name

* minor updates

* Update Self Hosted

* Update Cloud and Overview

* Minor Updates and add Mailgun Screenshot

* Change beta folder structure and add sendgrid screenshot

* update setup tj folder

* Replicate changes to 3.0.0-LTS

* Add overview and onboard user structure in beta

* Add Overview for User Management and Access Control

* Add Invite User

* first draft - bulk invite, archive, self signup

* update: instance-workspace-whitelabelling

* fix: workspace-whitelabel doc

* minor update in invite user

* Update Onboarding and Offboarding of Users - 03/01

* Add structure for authentication and rbac in beta

* update super admin file structure

* add super admin content

* Update overview page

* Overview for onboard and offboard user

* minor edit overview page

* Update Invite User

* Update Bulk Invite User

* updated archive user

* Update onboarding and offboarding

* Content Update

* Update Super Admin Structure

* Update Super Admin

* User Roles Content

* Custom Groups Content

* Granular Access Control [WIP]

* Add SSO Structure

* github sson 1

* github sso

* Google SSO

* ldap

* grammatical improvement

* Feedback Updates 1

* complete RBAC

* sso update

* SSO LDAP SAML OIDC

* OIDC Setup

* Google OIDC

* Update LDAP and SAML Intro

* Update Profile Management Structure

* Update Access Control Docs

* Update Custom Groups

* feat: authentication

* OIDC - Okta

* feat: cloud auth

* fix: overview typo

* fix: selfhosted auth titles

* Group Sync Structure

* User Metadata

* [WIP] OIDC Group Sync

* OIDC Group Sync

* Update use case example in user metadata

* Remove password management section

* Update reset password

* add: retry limit in password login

* Docs feedback update

* OIDC Group Sync Docs

* oidc grp sync

* Custom Group

* access control

* Profile Management Structure

* edit user details and reset password

* profile settings

* Development Lifecycle Structure

* [WIP] Version Control

* [WIP] Rollback

* Update GitSync Structure

* WIP GitSync

* Copy GitSync from the Develop

* Update version control as per feedback

* wip: release

* release and rollback

* GitSync

* GitSync

* feat: self-hosted and cloud

* gitsync backup docs

* [WIP] GitSync

* GitSync Backup

* share app ideation

* Share Application

* WIP Audit Logs

* WIP Okta SAML

* wip - okta saml

* Okta SAML

* Audit Logs

* Git Push and Pull

* GitSync Backup

* Release Management

* GitSync Config

* gitsync custom branch

* Workspace Constants

* Workspace Variables

* Update License

* update: images and css classes

* update: images

* update: envs

* update: images

* Img Update till Invite User

* update: removed cloud from Dev Life cycle

* feat: custom domain

* fix: formatting - custom domain

* update: workspace doc

* metadata img update

* Images till Onboard and Offboard

* SSO Images

* Image Update GitSync

* fix: naming

* delete sql backup

* update: images

* Add ToolJet API

* Enhance Nav Bar

* Update development lifecycle overview

* update: images

* Nav Bar Update

* fix: feedback

* Update FAQ dropdown

* feedback update

* Content Update

* fix: images

* fix: platform overview image

* Update Grammar and Links till Onboard Users

* Fix links

* Update Self Signup Screenshot

* Fix interlinking

* Fix GitSync Interlinks

* update: interlinking

* Delete Old Docs Beta

* Delete Old Files from LTS

* Replicate Files in LTS

* Update Home Page

* fix workspace login link

* fix links

* Deploy ToolJet

---------

Co-authored-by: PriteshKiri <pritesh.d.kiri@gmail.com>
2025-03-06 16:12:09 +05:30

4.6 KiB

id title
compliance Compliance

Uncompromised Data Security with SOC 2 Type II Compliance

With SOC 2 Type II compliance, ToolJet ensures the highest level of data security. The adherence to SOC 2 Type II standards mirrors the rigorous data protection measures in place, covering everything from encryption to robust access controls. It also guarantees a consistent level of service availability and process integrity, instilling confidence in our customers and stakeholders about the safe handling of their sensitive information.

Data Protection

We take extensive measures to protect your data. All data transmitted between users and our servers is encrypted using TLS to prevent unauthorized access during transit. Sensitive data stored on our servers is encrypted at rest, following industry-standard protocols. Access to this data is tightly controlled through role-based permissions, ensuring only authorized personnel can access sensitive information.

We also adhere to a GDPR-compliant data deletion policy, ensuring that personal data is permanently removed from our servers upon user request or at the end of the data retention period. Furthermore, we maintain comprehensive audit logs to track data access and modifications for monitoring and compliance purposes.

Compliance and Certifications

We adhere to globally recognized standards for data security and compliance. ToolJet meets the requirements of the following certifications:

GDPR: ToolJet fully complies with the General Data Protection Regulation (GDPR), ensuring your personal data is processed and stored securely.

SOC 2: We undergo regular SOC 2 Type II audits to validate our commitment to maintaining high security, availability, and confidentiality standards.

ISO 27001: ToolJet follows the ISO 27001 standard for information security management, ensuring a systematic approach to managing sensitive information.

Incident Response

We continuously monitor our systems for suspicious activities or security incidents. In the event of a security breach, we have a detailed incident response plan in place. This plan ensures immediate action is taken to contain the breach, communicate with affected parties, and implement remediation steps to prevent future incidents.

Secure Development Practices

We adhere to globally recognized standards for data security and compliance. ToolJet meets the requirements of the certifications below.

We undergo regular SOC 2 Type II audits to validate our commitment to maintaining high standards in security, availability, and confidentiality.

User Responsibility

We encourage all our users to practice good security habits to enhance security further. This includes creating strong, unique passwords for ToolJet accounts and enabling two-factor authentication for added protection. Users should also keep their devices and applications updated to guard against vulnerabilities.

Data Storage

ToolJet does not store data returned from your data sources. The ToolJet server acts as a proxy and passes the data as is to the ToolJet client. The credentials for the data sources are handled by the server and never exposed to the client. For example, if you are making an API request, the query is run from the server and not from the frontend.

Datasource Credentials

All the datasource credentials are securely encrypted using aes-256-gcm. The credentials are never exposed to the frontend (ToolJet client).

Privacy Policy

ToolJet takes privacy seriously. Our transparent privacy policies ensure customers understand how their data is collected, stored, and processed. We adhere to privacy regulations in all regions in which we operate.

Other Security Features

  • TLS: If you are using ToolJet cloud, all connections are encrypted using TLS. We also have documentation for setting up TLS for self-hosted installations of ToolJet.
  • Audit logs: Audit logs are available on the enterprise edition of ToolJet. Every user action is logged along with the IP addresses and user information.
  • Request logging: All requests to the server are logged. If self-hosted, you can easily extend ToolJet to use your preferred logging service. ToolJet comes with built-in Sentry integration.
  • Whitelisted IPs: If you are using ToolJet cloud, you can whitelist our IP address (34.86.81.252) so that your datasources are not exposed to the public.
  • Backups: ToolJet cloud is hosted on AWS using EKS with autoscaling and regular backups.

If you notice a security vulnerability, please let the team know by sending an email to security@tooljet.com.