Security and Responsible Disclosure
We apply modern protection methods and welcome responsible vulnerability reports.
TL;DR
- TLS and encryption by default.
- Isolated Dev and Prod environments, strict row-level security (RLS) policies.
- Safe harbor policy for security researchers.
Security Measures
- Encryption of all data in transit and at rest.
- Anti-bot (Turnstile) and anti-replay protection.
- Separation of Dev and Prod environments with strict RLS policies.
- Regular code reviews and automated security testing.
- Founding Partners’ data is stored in an encrypted database with access limited to internal service processes.
Responsible Disclosure
If you discover a vulnerability, please report it to hi@toqen.app. We handle good-faith reports under our safe harbor policy and respond within 7 days.
Infrastructure
We use trusted infrastructure providers with data protection agreements. Our security does not rely on obscurity.