1touch.io Trust Center

Lasting Partnerships Are Built on Trust

1touch.io ensures our customer data is rigorously protected in line with security, compliance, and privacy frameworks.

Information Security Program

We maintain an internal Information Security Program (ISP) that addresses both our products and our general business practices. The ISP ensures a secure environment for our employees, customers, systems, and the data we manage. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, including:

  • Access controls

  • Employee training
  • Physical security
  • Network and cloud security
  • Encryption
  • Credential and key management
  • Secure software development life cycle (SSDLC) practices

Certifications and Compliance

As part of our commitment to safeguarding customer data and maintaining excellence in security controls, 1touch.io holds industry-leading certifications:

SOC 2 Type 2 Compliance

1touch.io undergoes an annual SOC 2 Type 2 audit to ensure proper safeguards for customer data and to evaluate the effectiveness of security controls. Our SOC 2 Type 2 report is available upon request under a non-disclosure agreement (NDA).

ISO 27001 Certification

1touch.io is ISO 27001 certified, demonstrating our adherence to best practices for information security management systems (ISMS). This certification ensures we systematically manage risks related to the security of information assets.

Platform Security

As a cloud-native platform, 1touch.io provides scalable and secure solutions, incorporating:

Encryption

  • Data in transit and at rest is encrypted using AES-256 and TLS 1.2/1.3.
  • Fine-grained encryption levels (Raw/Column/Value) ensure compliance with financial, health, and privacy regulations.

Authentication & Authorization

  • Supports OAuth2/OpenID standards with Multi-Factor Authentication (MFA).
  • Uses API Gateway security with token-based authentication to protect access.

Advanced API Security

  • Implements API rate limiting and gateway protections to prevent abuse and cyber threats.
  • Adopts secure communication protocols and authentication frameworks.

Proactive Monitoring & Logging

  • Continuous logging and security auditing using Security Audit Logs and user activity audits.
  • Monitors and detects anomalies in real-time.

Encryption

  • Data in transit and at rest is encrypted using AES-256 and TLS 1.2/1.3.
  • Fine-grained encryption levels (Raw/Column/Value) ensure compliance with financial, health, and privacy regulations.

Authentication & Authorization

  • Supports OAuth2/OpenID standards with Multi-Factor Authentication (MFA).
  • Uses API Gateway security with token-based authentication to protect access.

Advanced API Security

  • Implements API rate limiting and gateway protections to prevent abuse and cyber threats.
  • Adopts secure communication protocols and authentication frameworks.

Proactive Monitoring & Logging

  • Continuous logging and security auditing using Security Audit Logs and user activity audits.
  • Monitors and detects anomalies in real-time.

Infrastructure & Subprocessors

To provide our customers with reliable services, 1touch.io partners with leading cloud providers for infrastructure hosting:

Sub-Processor Storage Location Purpose
Google Cloud Platform USA SaaS
Coralogixg USA Centralized logging & analytics
Sub-Processor Storage Location Purpose
Google Cloud Platform USA SaaS
Coralogixg USA Centralized logging & analytics

Network & Data Protection

As part of our commitment to safeguarding customer data and maintaining excellence in security controls, 1touch.io holds industry-leading certifications:

Network Security
  • VPC-based architecture enforces strict segmentation and resource isolation.
  • Firewall rules ensure that only trusted traffic can access 1touch.io environments.
Data Protection
  • Encryption at rest using Customer-Managed Encryption Keys (CMEK) for enhanced control.
  • Enforced TLS 1.2+ for all communications.

Security Audit & Incident Response

1touch.io maintains an extensive incident response framework, integrating:

  • Real-time security monitoring and anomaly detection.
  • Automated security playbooks for rapid threat mitigation.
  • Continuous risk assessment and compliance monitoring.

Product Architecture

The 1touch.io platform is built with a multi-layered security architecture to ensure data integrity, privacy, and operational resilience. The platform consists of three primary deployment units:

  • Network Analytic Engine (NAE): Handles real-time network traffic analysis and data flow monitoring.
  • Analytic Engine (AE): Processes and analyzes discovered data assets while applying security and compliance policies.
  • Console Manager (CM): The central management interface provides visibility into data classification, security alerts, and compliance reports.
Data Flow & Security Mechanisms
  • All inter-component communication is secured using HTTPS/TLS encryption.
  • Access to components is controlled through OAuth2/OpenID authentication frameworks.
  • Logs and audit trails are collected to ensure real-time monitoring and threat detection.
  • Kubernetes-based architecture ensures scalability and high availability.

Still have more questions? Let’s talk to our experts