Keep your data secure,
our priority.
The security of your data and your work is our priority. We make sure that your data remains in good hands and it is by building Tomorro with you and understanding your expectations that we have, for example, chosen to host our servers in France, the leading country in terms of regulations.
What does this mean in concrete terms?
ISO 27001 certified
We have placed safety issues at the heart of both our software and internal development.
Tomorro is ISO 27001 certified.
Annual penetration tests.
Physical security
Tomorro is committed to guaranteeing the physical integrity of your data: employees, physical security, data access, hosting and networks.
Access to the Tomorro premises is protected by individual badges.
Tomorro's premises are monitored 24 hours a day by an alarm and video surveillance system.
Visitors are directly supervised by a Tomorro member for the duration of their visit.
Hosting
Tomorro strictly controls access to your data, both online and in-house, to ensure that your documents are protected from modification. And for added security, we make daily backups.
All data is hosted in France, including backups.
Hosting is provided by Amazon Web Services, world leader in web hosting, ISO 27001 certified, which also hosts solutions such as Engie, Véolia, Siemens...
Test and production environments are strictly distinct.
Access to Tomorro's systems is protected by AWS's rights management policies.
User authentication by email and password is mandatory for a short session (controlled by a strict policy).
Internal access to data is restricted to duly authorized employees only.
Data encryption
Access to your account is secured by several protection mechanisms. We scrupulously protect your data, which we encrypt both in transit and at rest in our databases.
All data is encrypted, including backups, using different encryption keys during transmission as well as during storage.
Data and backup encryption keys are changed regularly.
Data transmission is only carried out using the TLS/SSL protocol.
All transmissions between clients and servers are end-to-end encrypted using the HTTPS protocol.
Compliance
Tomorro complies with all applicable regulations and we ensure that our service providers are compliant.
Stripe, our payment provider, has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a Level 1 PCI Service Provider.
Our privacy and data processing policy complies with the General Data Protection Regulation.
Availability and resilience
Your data is replicated in real time in 3 distinct data centers in France, automatically switching from one to the other in a few seconds in the event of an incident.
Data backups are made automatically on a daily basis and sent to an isolated AWS account.
Incident response
In the event of an incident, Tomorro's teams are mobilised to protect your data and ensure a return to normal within the shortest possible time.
Tomorro has a clear procedure in place for security events and has trained all staff members internally on this subject.
Automatic alerts are set up to notify our team in case of an incident.
When security events are detected, they are transmitted to our emergency alias, teams are called, notified and assembled to react quickly.
The analysis is done in person, distributed throughout the company and includes measures that will facilitate the detection and prevention of a similar event in the future.
Security-related events must be systematically reviewed for closure by the engineering and security services and, where appropriate, by the services specifically concerned.
Security center
For the sake of transparency and awareness, we have documented all questions relative to security on a dedicated platform accessible to all.
Informations are certified by an external provider (Vanta)
Documentation regularly checked and updated by our teams
All security topics covered
Contact us
If you need help or have any questions about security or the use of our services, our team is at your disposal.
