Data Security
Security practices that protect Towasal conversations and payments.
SOC 2 controls in progress
Zero-trust access for staff
Security is layered across infrastructure, application, and operations so your catalog, orders, and analytics stay private.
1. Infrastructure security
We host on hardened cloud providers with ISO 27001 and SOC 2 certifications. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Network segmentation isolates production services from staging and office networks.
2. Application security
- Secure development: code reviews, dependency scanning, and secrets management.
- Role-based access: granular roles for teammates, with audit trails covering every order update.
- Webhook validation: signed requests for WhatsApp/Instagram callbacks to prevent spoofing.
3. Operational security
Employees authenticate with hardware keys and SSO. Access to production data is granted temporarily and logged.
We run regular tabletop exercises for incident response and disaster recovery.
4. Incident response
If we detect unauthorized access, we will notify affected customers within 72 hours (or faster if required by local law), provide details, and share remediation steps.
Report security concerns to security@towasal.io (PGP available).