Security & Compliance

Empower makers across your organization with powerful governance ensuring that your sensitive data and critical systems are protected.

Data encrypted in-transit and at-rest

All connections with Tonkean are encrypted using industry-standard HTTPS/TLS protocols, and all data is fully encrypted following AES-256 standards while at rest or in transit.

Item-level data retention policies

Define specific data retention lengths down to the field level to ensure sensitive data is only available as long as needed for each process.

Granular access controls at all levels

Tonkean is architected and engineered with built-in security. Comprehensive role-based access control (RBAC) ensures that every permission, from data access through process creation, is properly secured and controlled.

Full audit log of transactions

Tonkean maintains non-repudiation logs capturing full records of all edits to solutions and enterprise components in development and all processed transactions within test and production environments.

Secure & Flexible Deployment Options

Tonkean can be deployed on any of the three major cloud providers including AWS, Microsoft Azure (Self-Hosted only), and GCP (Self-Hosted only). All deployments have a hardened operating system installation, firewall protection, and a regular system patching process.

Public Cloud

Tonkean’s public servers are stored on AWS in a multi-tenant environment. The public cloud environment will be managed by Tonkean.

Dedicated Cloud

A single-tenant cloud environment not shared with other customers. The dedicated instance will be managed by Tonkean and is hosted on AWS.


Have Tonkean installed on your organization’s self-hosted environment. This cloud environment will be privately managed by your internal IT team. For a self-hosted environment, Tonkean can be hosted on AWS, Azure, and GCP.

Enterprise-grade compliance


GDPR Ready

Tonkean adheres to the General Data Protection Regulation (GDPR). We’re here to help our customers in their efforts to comply with GDPR.

Learn more at our Terms of Service page.

SOC 2 Type 2

Tonkean is SOC 2 Type 2 compliant and independently audited for our commitment to meeting the most rigorous security, availability, and confidentiality standards in the industry in accordance with the AICPA Trust Services Principles and Criteria.

If you are a customer, you can ask for our latest report here.


At Tonkean, we view data privacy and security as paramount, particularly in the healthcare sector, which involves the processing of sensitive data.

Read more about our HIPAA Compliance