ToolSwift LogoTrust Center

Security

We take security seriously. Learn about our comprehensive security measures designed to protect your data and ensure the highest level of protection.

Infrastructure Security

Our infrastructure is built on Amazon Web Services (AWS) and Vercel, leveraging their enterprise-grade security features and shared responsibility model. AWS secures the underlying infrastructure while we focus on application-layer security.

Frontend Security (Vercel)

  • Global CDN with DDoS protection
  • Automatic SSL/TLS certificates
  • Built-in security headers and best practices
  • Edge network protection

Backend Security (AWS)

  • AWS EC2 instances with Nitro System for hardware-based security
  • AWS Application Load Balancer for traffic distribution and SSL termination
  • AWS Firewall (WAF) for web application protection and DDoS mitigation
  • AWS-managed network security and data center protection
  • High availability through load balancing

Database Security

  • MongoDB with encrypted connections
  • Network isolation and access controls

Data Encryption

We protect sensitive data through multiple layers of security. User passwords are securely hashed using bcrypt with salt rounds, while our infrastructure leverages AWS and Vercel's built-in encryption capabilities for data protection.

Password Security

  • Passwords are hashed using bcrypt with 10 salt rounds
  • Passwords are never stored in plain text
  • One-way hashing ensures passwords cannot be reversed

Infrastructure Encryption

  • TLS/SSL encryption for all data in transit (handled by AWS Load Balancer and Vercel)
  • AWS-managed encryption for backend infrastructure
  • Encrypted connections to MongoDB database
  • Vercel provides automatic SSL/TLS for frontend traffic

Access Controls

We implement access controls and authentication mechanisms to ensure that only authorized users can access their accounts and data. AWS provides additional infrastructure-level access controls.

  • Secure authentication for user accounts
  • Password-based authentication with secure hashing
  • AWS IAM for infrastructure access management
  • Network-level access controls through AWS security groups
  • Session management for user authentication

Incident Response

We have procedures in place to identify, contain, and remediate security incidents. AWS and Vercel provide automated threat detection and monitoring capabilities that help protect our infrastructure.

  • Automated threat detection through AWS WAF and Vercel
  • Incident response procedures
  • Post-incident analysis and improvements
  • Customer notification procedures for security incidents

Security Certifications

We are committed to maintaining industry-standard security certifications and compliance frameworks.

  • SOC 2 Type 1 (In Process)
  • Regular third-party security assessments
  • Penetration testing
  • Vulnerability scanning