Security Policy
Last Updated: 21st January 2025
How we protect your data at Tofi.Ai
Privacy Practices
At Tofi Technologies Pvt. Ltd., we are committed to safeguarding your personal information and data.
No Renting or Selling of Data
We will never rent or sell your information or data to anyone.
No Use for Advertising
We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising.
Data Sharing
We will never provide any part of your information to anyone unless explicitly agreed by you.
For more detailed information, please refer to our Privacy Policy .
Cloud Infrastructure
Tofi.Ai is hosted on a Virtual Private Cloud on Amazon Web Services (AWS), providing a secure and scalable technology platform to ensure we can deliver our services securely and reliably.
Our infrastructure is launched in compliance with the AWS Well-Architected Framework and incorporates best practices from the AWS Cloud Adoption Framework from a security perspective.
Secure Communication
We use the HTTPS protocol for our website and mobile applications (collectively referred to as the "Platform").
All communication between the Platform and our servers is protected via 256-bit encrypted HTTPS protocol. This prevents Man-in-the-Middle (MITM) attacks, ensuring that the connection between us and our users is fully secure.
Network Security
We have strict network segmentation and isolation of environments and services in place to enhance security.
Host Security
We utilize industry-leading solutions for:
Anti-Virus and Anti-Malware
Protection against viruses and malware threats.
Intrusion Prevention and Detection Systems
Continuous monitoring to prevent and detect unauthorized access.
File Integrity Monitoring and Application Control
Ensuring that all applications and files remain secure and unaltered.
Audit Log Aggregation and Automated Patching
Regular auditing and timely updates to maintain security integrity.
All our servers are launched using the Center for Internet Security (CIS) Benchmarks for Amazon Linux, ensuring compliance with industry-recognized security standards.
Data Security
User Authentication
User login is based on One-Time Password (OTP) authentication on the Tofi.Ai website and mobile application.
Data Encryption
All user data and internal stored data are protected by encryption at rest, with sensitive data further protected by application-level encryption.
Access Control
We employ separation of environments and segregation of duties, with strict role-based access control on a documented, authorized, and need-to-use basis.
Key Management
We use key management services to limit access to data, with access restricted to authorized personnel only.
Data Resilience and Reliability
We use data replication for data resiliency and disaster recovery, snapshotting for data durability, and backup/restore testing for data reliability.
Analytics and Business Intelligence
We only use anonymized and aggregated data for internal analytics and business intelligence purposes.
Incident and Change Management
Change Management Process
We have implemented mature processes around Change Management, enabling us to release thoroughly tested features both reliably and securely, ensuring you enjoy the Tofi.Ai experience with maximum assurance and security.
Incident Management System
We maintain an aggressive stance on Incident Management for both system downtime and security.Our Network and Security Operations Center and Information Security Management System are in place to quickly react, remediate, or escalate any incidents arising from planned or unplanned changes.
- Quick Reaction Time
- Continuous Monitoring
- Rapid Response
- Proactive Security
Vulnerability Assessment and Penetration Testing
Comprehensive Security Testing
We collaborate with a network security team that uses industry-leading products to conduct manual and automated Vulnerability Assessment and Penetration Testing (VA/PT) activities, including penetration testing of all applications and endpoints.
Static Application Security Testing
SAST is integrated into our continuous integration and deployment pipeline for thorough code analysis.
Dynamic Application Security Testing
DAST is performed during deployment to identify security vulnerabilities in running applications.
External Auditing
We leverage CERT-IN certified auditors to perform periodic external testing and audits.Regular security assessments and compliance checks
Annual Security Assessment
Third Party Assessment
We undergo an annual security assessment from a designated third party to ensure compliance with industry standards and best practices.
- Industry Standard Compliance
- Best Practice Implementation
Regular Updates
We keep our security assessments updated regularly or as per instructions from relevant authorities and will publish the "Letter of Assessment" on the Tofi.Ai website and mobile applications when applicable.
- Regular Updates
- Published Assessment Letters
Responsible Disclosure
At Tofi Technologies Pvt. Ltd., we are committed to our users' data security and privacy.
Security Commitment
We integrate security at multiple steps within our products using state-of-the-art technology to ensure our systems maintain strong security measures.
Defensive Design
Our overall data and privacy security design allows us to defend our systems from various attacks.
Reporting Vulnerabilities
If you are a security enthusiast or researcher and have found a possible security vulnerability on Tofi.Ai, we encourage you to report the issue to us responsibly.
How to Report
You can submit a bug report to us at security@tofi.ai with detailed steps required to reproduce the vulnerability.
Our Commitment
We will make our best efforts to investigate and fix legitimate issues in a reasonable timeframe, while requesting you not to publicly disclose the vulnerability until it is resolved.
We take your trust seriously and are dedicated to continually improving our security measures to protect your data.
Related Policies
Please also review our: Privacy Policy and Terms of Service
Security Policy
Last Updated: 21st January 2025
How we protect your data at Tofi.Ai
Privacy Practices
At Tofi Technologies Pvt. Ltd., we are committed to safeguarding your personal information and data.
No Renting or Selling of Data
We will never rent or sell your information or data to anyone.
No Use for Advertising
We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising.
Data Sharing
We will never provide any part of your information to anyone unless explicitly agreed by you.
For more detailed information, please refer to our Privacy Policy .
Cloud Infrastructure
Tofi.Ai is hosted on a Virtual Private Cloud on Amazon Web Services (AWS), providing a secure and scalable technology platform to ensure we can deliver our services securely and reliably.
Our infrastructure is launched in compliance with the AWS Well-Architected Framework and incorporates best practices from the AWS Cloud Adoption Framework from a security perspective.
Secure Communication
We use the HTTPS protocol for our website and mobile applications (collectively referred to as the "Platform").
All communication between the Platform and our servers is protected via 256-bit encrypted HTTPS protocol. This prevents Man-in-the-Middle (MITM) attacks, ensuring that the connection between us and our users is fully secure.
Network Security
We have strict network segmentation and isolation of environments and services in place to enhance security.
Host Security
We utilize industry-leading solutions for:
Anti-Virus and Anti-Malware
Protection against viruses and malware threats.
Intrusion Prevention and Detection Systems
Continuous monitoring to prevent and detect unauthorized access.
File Integrity Monitoring and Application Control
Ensuring that all applications and files remain secure and unaltered.
Audit Log Aggregation and Automated Patching
Regular auditing and timely updates to maintain security integrity.
All our servers are launched using the Center for Internet Security (CIS) Benchmarks for Amazon Linux, ensuring compliance with industry-recognized security standards.
Data Security
User Authentication
User login is based on One-Time Password (OTP) authentication on the Tofi.Ai website and mobile application.
Data Encryption
All user data and internal stored data are protected by encryption at rest, with sensitive data further protected by application-level encryption.
Access Control
We employ separation of environments and segregation of duties, with strict role-based access control on a documented, authorized, and need-to-use basis.
Key Management
We use key management services to limit access to data, with access restricted to authorized personnel only.
Data Resilience and Reliability
We use data replication for data resiliency and disaster recovery, snapshotting for data durability, and backup/restore testing for data reliability.
Analytics and Business Intelligence
We only use anonymized and aggregated data for internal analytics and business intelligence purposes.
Incident and Change Management
Change Management Process
We have implemented mature processes around Change Management, enabling us to release thoroughly tested features both reliably and securely, ensuring you enjoy the Tofi.Ai experience with maximum assurance and security.
Incident Management System
We maintain an aggressive stance on Incident Management for both system downtime and security.Our Network and Security Operations Center and Information Security Management System are in place to quickly react, remediate, or escalate any incidents arising from planned or unplanned changes.Quick Reaction TimeContinuous MonitoringRapid ResponseProactive Security
Vulnerability Assessment and Penetration Testing
Comprehensive Security TestingWe collaborate with a network security team that uses industry-leading products to conduct manual and automated Vulnerability Assessment and Penetration Testing (VA/PT) activities, including penetration testing of all applications and endpoints.
Static Application Security TestingSAST is integrated into our continuous integration and deployment pipeline for thorough code analysis.Dynamic Application Security TestingDAST is performed during deployment to identify security vulnerabilities in running applications.
External AuditingWe leverage CERT-IN certified auditors to perform periodic external testing and audits.Regular security assessments and compliance checks
Annual Security Assessment
Third Party AssessmentWe undergo an annual security assessment from a designated third party to ensure compliance with industry standards and best practices.Industry Standard ComplianceBest Practice Implementation
Regular UpdatesWe keep our security assessments updated regularly or as per instructions from relevant authorities and will publish the "Letter of Assessment" on the Tofi.Ai website and mobile applications when applicable.Regular UpdatesPublished Assessment Letters
Responsible Disclosure
At Tofi Technologies Pvt. Ltd., we are committed to our users' data security and privacy.
Security CommitmentWe integrate security at multiple steps within our products using state-of-the-art technology to ensure our systems maintain strong security measures.Defensive DesignOur overall data and privacy security design allows us to defend our systems from various attacks.
Reporting VulnerabilitiesIf you are a security enthusiast or researcher and have found a possible security vulnerability on Tofi.Ai, we encourage you to report the issue to us responsibly.How to ReportYou can submit a bug report to us at security@tofi.ai with detailed steps required to reproduce the vulnerability.Our CommitmentWe will make our best efforts to investigate and fix legitimate issues in a reasonable timeframe, while requesting you not to publicly disclose the vulnerability until it is resolved.
We take your trust seriously and are dedicated to continually improving our security measures to protect your data.
Related Policies
Please also review our: Privacy Policy and Terms of Service
Security Policy
Last Updated: 21st January 2025
How we protect your data at Tofi.Ai
Privacy Practices
At Tofi Technologies Pvt. Ltd., we are committed to safeguarding your personal information and data.
No Renting or Selling of Data
We will never rent or sell your information or data to anyone.
No Use for Advertising
We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising.
Data Sharing
We will never provide any part of your information to anyone unless explicitly agreed by you.
For more detailed information, please refer to our Privacy Policy .
Cloud Infrastructure
Tofi.Ai is hosted on a Virtual Private Cloud on Amazon Web Services (AWS), providing a secure and scalable technology platform to ensure we can deliver our services securely and reliably.
Our infrastructure is launched in compliance with the AWS Well-Architected Framework and incorporates best practices from the AWS Cloud Adoption Framework from a security perspective.
Secure Communication
We use the HTTPS protocol for our website and mobile applications (collectively referred to as the "Platform").
All communication between the Platform and our servers is protected via 256-bit encrypted HTTPS protocol. This prevents Man-in-the-Middle (MITM) attacks, ensuring that the connection between us and our users is fully secure.
Network Security
We have strict network segmentation and isolation of environments and services in place to enhance security.
Host Security
We utilize industry-leading solutions for:
Anti-Virus and Anti-Malware
Protection against viruses and malware threats.
Intrusion Prevention and Detection Systems
Continuous monitoring to prevent and detect unauthorized access.
File Integrity Monitoring and Application Control
Ensuring that all applications and files remain secure and unaltered.
Audit Log Aggregation and Automated Patching
Regular auditing and timely updates to maintain security integrity.
All our servers are launched using the Center for Internet Security (CIS) Benchmarks for Amazon Linux, ensuring compliance with industry-recognized security standards.
Data Security
User Authentication
User login is based on One-Time Password (OTP) authentication on the Tofi.Ai website and mobile application.
Data Encryption
All user data and internal stored data are protected by encryption at rest, with sensitive data further protected by application-level encryption.
Access Control
We employ separation of environments and segregation of duties, with strict role-based access control on a documented, authorized, and need-to-use basis.
Key Management
We use key management services to limit access to data, with access restricted to authorized personnel only.
Data Resilience and Reliability
We use data replication for data resiliency and disaster recovery, snapshotting for data durability, and backup/restore testing for data reliability.
Analytics and Business Intelligence
We only use anonymized and aggregated data for internal analytics and business intelligence purposes.
Incident and Change Management
Change Management Process
We have implemented mature processes around Change Management, enabling us to release thoroughly tested features both reliably and securely, ensuring you enjoy the Tofi.Ai experience with maximum assurance and security.
Incident Management System
We maintain an aggressive stance on Incident Management for both system downtime and security.Our Network and Security Operations Center and Information Security Management System are in place to quickly react, remediate, or escalate any incidents arising from planned or unplanned changes.Quick Reaction TimeContinuous MonitoringRapid ResponseProactive Security
Vulnerability Assessment and Penetration Testing
Comprehensive Security TestingWe collaborate with a network security team that uses industry-leading products to conduct manual and automated Vulnerability Assessment and Penetration Testing (VA/PT) activities, including penetration testing of all applications and endpoints.
Static Application Security TestingSAST is integrated into our continuous integration and deployment pipeline for thorough code analysis.Dynamic Application Security TestingDAST is performed during deployment to identify security vulnerabilities in running applications.
External AuditingWe leverage CERT-IN certified auditors to perform periodic external testing and audits.Regular security assessments and compliance checks
Annual Security Assessment
Third Party AssessmentWe undergo an annual security assessment from a designated third party to ensure compliance with industry standards and best practices.Industry Standard ComplianceBest Practice Implementation
Regular UpdatesWe keep our security assessments updated regularly or as per instructions from relevant authorities and will publish the "Letter of Assessment" on the Tofi.Ai website and mobile applications when applicable.Regular UpdatesPublished Assessment Letters
Responsible Disclosure
At Tofi Technologies Pvt. Ltd., we are committed to our users' data security and privacy.
Security CommitmentWe integrate security at multiple steps within our products using state-of-the-art technology to ensure our systems maintain strong security measures.Defensive DesignOur overall data and privacy security design allows us to defend our systems from various attacks.
Reporting VulnerabilitiesIf you are a security enthusiast or researcher and have found a possible security vulnerability on Tofi.Ai, we encourage you to report the issue to us responsibly.How to ReportYou can submit a bug report to us at security@tofi.ai with detailed steps required to reproduce the vulnerability.Our CommitmentWe will make our best efforts to investigate and fix legitimate issues in a reasonable timeframe, while requesting you not to publicly disclose the vulnerability until it is resolved.
We take your trust seriously and are dedicated to continually improving our security measures to protect your data.
Related Policies
Please also review our: Privacy Policy and Terms of Service
The Future of Care Is Smart, Seamless, and Here
Hecco.ai streamlines healthcare by consolidating fragmented records into a smart, AI-powered system. With real-time synchronization and predictive analytics, we enable faster, more personalized care
©2025 TOFI Technologies Pvt Ltd All rights reserved
Tofi Technologies private limited, 235 binnamangala, 2nd flr, 13th cross road 2nd stage, bangalore north, indiranagar, bangalore-560038, karnataka
The Future of Care Is Smart, Seamless, and Here
Hecco.ai streamlines healthcare by consolidating fragmented records into a smart, AI-powered system. With real-time synchronization and predictive analytics, we enable faster, more personalized care
Privacy Policy
Terms of Service
Security
Google API Disclosure
©2025 TOFI Technologies Pvt Ltd All rights reserved
Tofi Technologies private limited, 235 binnamangala, 2nd flr, 13th cross road 2nd stage, bangalore north, indiranagar, bangalore-560038, karnataka
The Future of Care Is Smart, Seamless, and Here
Hecco.ai streamlines healthcare by consolidating fragmented records into a smart, AI-powered system. With real-time synchronization and predictive analytics, we enable faster, more personalized care
©2025 TOFI Technologies Pvt Ltd All rights reserved
Tofi Technologies private limited, 235 binnamangala, 2nd flr, 13th cross road 2nd stage, bangalore north, indiranagar, bangalore-560038, karnataka