Data Protection and Security with Toddly
At Toddly, we prioritize the security and privacy of your data. Our comprehensive security measures ensure that your information is protected through industry-standard encryption, secure infrastructure, and strict access controls. We continuously monitor and update our security practices to maintain the highest standards of data protection.
Payment Security
PCI DSS Level 1 Compliant
Toddly uses Stripe, the industry's most trusted payment processor with the highest level of PCI compliance.
No Financial Data Storage
We never store financial information on our servers—all payment data is securely tokenized and stored by Stripe.
End-to-End Encryption
All payment processing uses end-to-end encryption to protect your financial information during transactions.
Account Security & Authentication
Biometric Login
Support for Face ID, Touch ID, and Windows Hello for secure and convenient authentication.
JWT Authentication
Secure JWT tokens with 15-minute expiration to minimize exposure in case of compromise.
Secure Password Storage
Passwords are salted and hashed using industry-standard practices before being stored.
Data Privacy
No Data Selling or Sharing
Toddly does not sell or share personal data with third parties. Your information stays private and secure.
Data Processing Agreements
We formalize Data Processing Agreements (DPAs) with schools to document our security practices and commitments.
Compliance & Audits
SOC 2 Best Practices
We follow SOC 2 best practices for data security, availability, and confidentiality using enterprise-grade infrastructure.
Enterprise-Grade AWS
Built on Amazon Web Services with continuous monitoring and enterprise-level security controls.
Advanced Security Features
Real-Time Threat Detection
Continuous monitoring via Sentry for immediate threat identification and response.
IP Blacklisting
Automatic blocking of suspicious IP addresses and malicious traffic patterns.
Bot Detection
Advanced algorithms to detect and prevent automated attacks and spam.
Full Audit Trails
Comprehensive logging of all security events for monitoring and compliance.
Infrastructure Security
Encrypt User Data
All sensitive user data is encrypted both in transit and at rest, ensuring maximum protection against unauthorized access.
Rate Limiting
We implement rate limiting to prevent abuse, ensuring fair and secure usage of our application by all users.
Secure Server-Side Storage
All user data is stored on secure servers with access restricted to authorized personnel only.
HTTPS for Secure Communication
All client-server communication is encrypted using HTTPS, providing a secure channel for data transfer.
Authentication and Access Controls
We enforce strong authentication and access control policies to ensure only authorized users can access sensitive data and features.
CSRF Protection
CSRF tokens are used to validate user requests and prevent unauthorized actions, protecting against cross-site request forgery attacks.
Nightly Database Backups
We perform nightly database backups retained for disaster recovery, ensuring your data can be restored in case of any unexpected incidents.
Database Hosted in a VPC
Our database is hosted within a Virtual Private Cloud (VPC), preventing unauthorized internet access.
Encrypted Database Connections
All database connections are encrypted using SSL/TLS to prevent interception during data transfer.
ORM to Prevent SQL Injection
We use an Object-Relational Mapper (ORM) to safely interact with the database, preventing SQL injection attacks.
Secure File Handling
All file uploads and storage are handled securely through AWS S3 with proper access controls and encryption.
Secure Session Management
Sessions are managed securely with proper timeout controls and secure cookie settings to prevent unauthorized access.
Have Questions About Our Security?
We understand that the security of your family's information is paramount. If you'd like to discuss any of these security measures in more detail or have specific questions about our data protection practices, we're here to help.
Get in touch
We're committed to maintaining a safe, reliable platform for all families and are happy to provide additional information about our security practices.
