Trust and Security Center

Lasting Partnerships Are Built on Trust

1touch.io ensures our customer data is rigorously protected in line with security, compliance, and privacy frameworks.

Information Security Program

We maintain an internal Information Security Program (ISP) that addresses both our products and our general business practices. The ISP ensures a secure environment for our employees, customers, systems, and the data we manage. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, including:

  • Access controls
  • Encryption
  • Employee training
  • Credential and key management
  • Physical security
  • Network and cloud security
  • Secure software development life cycle (SSDLC) practices

Certifications and Compliance

As part of our commitment to safeguarding customer data and maintaining excellence in security controls, 1touch.io holds industry-leading certifications:

SOC 2 Type 2 Compliance

1touch.io undergoes an annual SOC 2 Type 2 audit to ensure proper safeguards for customer data and to evaluate the effectiveness of security controls. Our SOC 2 Type 2 report is available upon request under a non-disclosure agreement (NDA).

ISO 27001 Certification

1touch.io is ISO 27001 certified, demonstrating our adherence to best practices for information security management systems (ISMS). This certification ensures we systematically manage risks related to the security of information assets.

Platform Security

As a cloud-native platform, 1touch.io provides scalable and secure solutions, incorporating:

Encryption

  • Data in transit is encrypted using TLS 1.2/1.3, and data at rest is encrypted using AES-256.
  • Fine-grained encryption levels (Raw/Column/Value) ensure compliance with financial, health, and privacy regulations.

Authentication & Authorization

  • Supports OAuth2/OpenID standards with Multi-Factor Authentication (MFA).
  • Uses API Gateway security with token-based authentication to protect access.

Advanced API Security

  • Implements API rate limiting and gateway protections to prevent abuse and cyber threats.
  • Adopts secure communication protocols and authentication frameworks.

Proactive Monitoring & Logging

  • Continuous logging and security auditing using Security Audit Logs and user activity audits.
  • Monitors and detects anomalies in real time.

Infrastructure & Subprocessors

Sub-Processor         | Storage Location | Purpose
Google Cloud Platform | USA              | SaaS
Coralogix             | USA              | Centralized logging & analytics

Network & Data Protection

Network Security

  • VPC-based architecture enforces strict segmentation and resource isolation.
  • Firewall rules ensure that only trusted traffic can access 1touch.io environments.

Data Protection

  • Encryption at rest using Customer-Managed Encryption Keys (CMEK) for enhanced control.
  • Enforced TLS 1.2+ for all communications.

Security Audit & Incident Response

1touch.io maintains an extensive incident response framework, integrating:

  • Real-time security monitoring and anomaly detection.
  • Automated security playbooks for rapid threat mitigation.
  • Continuous risk assessment and compliance monitoring.

Product Architecture

The 1touch.io platform is built with a multi-layered security architecture to ensure data integrity, privacy, and operational resilience. The platform consists of three primary deployment units:

Data Flow & Security Mechanisms

  • All inter-component communication is secured using HTTPS/TLS encryption.
  • Access to components is controlled through OAuth2/OpenID authentication frameworks.
  • Logs and audit trails are collected to ensure real-time monitoring and threat detection.
  • Kubernetes-based architecture ensures scalability and high availability.
