The security of your data and your work is our priority. We make sure that your data remains in good hands and it is by building Tomorro with you and understanding your expectations that we have, for example, chosen to host our servers in France, the leading country in terms of regulations.
What does this mean in concrete terms?
Tomorro is ISO 27001 certified.
Annual penetration tests.
Access to the Tomorro premises is protected by individual badges.
Tomorro's premises are monitored 24 hours a day by an alarm and video surveillance system.
Visitors are directly supervised by a Tomorro member for the duration of their visit.
All data is encrypted, including backups, using different encryption keys during transmission as well as during storage.
Data and backup encryption keys are changed regularly.
Data transmission is only carried out using the TLS/SSL protocol.
All transmissions between clients and servers are end-to-end encrypted using the HTTPS protocol.
Stripe, our payment provider, has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a Level 1 PCI Service Provider.
Our privacy and data processing policy complies with the General Data Protection Regulation.
Data backups are made automatically on a daily basis and sent to an isolated AWS account.
Tomorro has a clear procedure in place for security events and has trained all staff members internally on this subject.
Automatic alerts are set up to notify our team in case of an incident.
When security events are detected, they are transmitted to our emergency alias, teams are called, notified and assembled to react quickly.
The analysis is done in person, distributed throughout the company and includes measures that will facilitate the detection and prevention of a similar event in the future.
Security-related events must be systematically reviewed for closure by the engineering and security services and, where appropriate, by the services specifically concerned.