We know that your data is sensitive. Thousands of companies worldwide use Tontine every day to generate hundreds of millions of data insights on their e-commerce stores. That’s why we’ve built Tontine with military-grade security features at the forefront, and supplement that with regular audits to ensure you’re always protected.
We design with a security-first mindset. Tontine is built with rock-solid controls to keep your data safe and secure.
We care about our relationship with you and work hard to earn your trust. Our company and teams are structured to offer you gold-standard protection.
Tontine meets stringent privacy and security standards based on industry best practices.
We apply strict access controls to protect user accounts.
Tontine requires authentication for access to all application pages on the platform, except for those explicitly intended to be public. Our data is protected by military-grade encryption (RSA-4096 and AES-256).
All passwords stored with Tontine are hashed with a random salt using industry-standard techniques. All data sent to or from Tontine is encrypted using TLS, and all customer data is encrypted with military-grade encryption (RSA-4096 and AES-256)
We have processes designed to enforce minimum password requirements internally throughout the platform, and we currently enforce the following requirements and security standards:
Each time a user logs into Tontine, the system assigns them a new, unique session identifier, currently consisting of 64 bytes of random data designed for protection against brute forcing. All sessions are designed to have a hard timeout (currently set to 7 days).
Single sign-on sessions are configured with an inactivity timeout as well (currently, 12 hours). There is an optional setting to terminate any session after 15 minutes of inactivity — please reach out to us to enable this. When signing out of Tontine, the system is designed to delete the session cookie from the client and to invalidate the session identifier on Tontine’s servers.
Tontine proactively monitors and updates its data transfer technologies periodically to provide maximum network security while still remaining performant.
By default, all communications on the Tontine platform are protected with military-grade encryption (RSA-4096 and AES-256). This includes using Transport Layer Security (TLS) with regular updates to cipher suites and configurations.
Network security —
Tontine regularly updates its network architecture schema and records data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
Activity logs —
Activity logs are kept at all account levels, including but not limited to the following actions undertaken by any user:
These activity logs are kept for your benefit, and you may request part or all of it at any time subject to the contract you signed with Tontine prior to the commencement of the service.
We host all of our data in physically secure, U.S.-based Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance and more. Learn more about AWS security protocols.
All data is encrypted in transit (using TLS) and at rest (using AES-256).
Tontine’s infrastructure is designed to be fault tolerant. All databases operate in a cluster configuration and the application tier scales using load balancing technology that dynamically meets demand to achieve industry-leading data redundancy and resiliency.
All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to the company’s infrastructure are tracked and documented, and security events are logged appropriately.
At Tontine, we know that your data is precious and we’re focused on protecting it.
Tontine’s Security, Privacy and Compliance Team reports directly to the CEO. This cross-functional team focuses on proactively mitigating threats with respect to data breaches, database penetration, and compliance violations in accordance with established global data protection and security frameworks.
The Security, Privacy and Compliance Team conducts periodic risk assessments for Tontine — top risks are shortlisted, root cause analysis is performed, and treatment plans are prepared and disseminated. The Chief Technology Officer is responsible for monitoring progress on the treatment plans.
Our employees are held to the highest standards of data and privacy protection and we further supplement that with professional development on information security training programs, strict job controls and restricted access to your data.
Your data is yours. Tontine designs, reviews and tests all software for Tontine’s platform using applicable OWASP standards.
The software we develop for Tontine’s platform is continuously monitored and tested using processed design to proactively identify and remediate vulnerabilities. This involves conducting a number of vulnerability assessments, including:
Pair programming/cross-function peer reviews prior to merging any code to the main codebase.
Employing third-party software services (like Rainforest QA) to automate source code analyses and find common security defects.
Employing third-party consulting firms to manually review security-sensitive areas of the codebase.
Proactively commencing third-party security assessments and penetration tests at least semi-annually.
Tontine is currently beta testing a bug bounty program to encourage white-hat penetration tests and the reporting of security issues within the platform.
To join this program or report a newly discovered bug, please email email@example.com (with the subject line “Bug bounty program”). We aim to respond to all inbound emails within 72 hours.
GDPR: We comply with GDPR as a data processor, and manage the transfer of data via Standard Contractual Clauses.
CCPA: We ensure policies, processes, and controls comply with CCPA requirements. We have at least one Data Privacy-focused law firm located in California retained to ensure compliance at all times.
If you have any questions about implementing or the implementation of any of these security, privacy and compliance measures, please contact your Tontine Account Manager. If you do not have access to an Account Manager, contact us at firstname.lastname@example.org. Our security measures are constantly evolving to keep up with the changing security landscape. As such, we may update this page from time to time to reflect these technical and organizational changes without prior notice to you.
We’ll either increase your profit margins, or give you your money back. Requesting a consultation could be the most profitable thing you do this week, and you don’t need to spend a thing!