TORKEHUB AI CRM and automation security policy

Every modification and introduction of new features at TORKEHUB adheres to a meticulous change management policy, ensuring that all alterations to applications are duly authorized before being implemented in the production environment. Our Software Development Life Cycle (SDLC) mandates strict adherence to secure coding guidelines. All code changes undergo thorough scrutiny for potential security issues, utilizing code analyzer tools, vulnerability scanners, and manual review processes.

Our robust security framework, aligned with OWASP standards and integrated at the application layer, incorporates functionalities designed to counter threats such as SQL injection, Cross-Site Scripting, and application layer Denial-of-Service (DOS) attacks.

TORKEHUBframework effectively distributes and upholds cloud space for individual customers. Each customer's service data undergoes logical separation from other customers' data, achieved through secure protocols embedded in the framework. This meticulous approach ensures that no customer's service data becomes accessible to another customer.

Service data is stored on our servers when using TORKEHUB services. Ownership of your data resides with you, and TORKEHUB does not share this data with any third-party without your explicit consent.

In Transit: All customer data transmitted to our servers over public networks benefits from robust encryption protocols. TORKEHUB mandates the use of Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers for all connections, including web access, API access, mobile apps, and IMAP/POP/SMTP email client access. This ensures secure connections by authenticating both parties and encrypting data during transfer. For email services, we default to opportunistic TLS , securing email delivery and mitigating eavesdropping between mail servers where peer services support this protocol.

We fully support Perfect Forward Secrecy (PFS) with our encrypted connections, ensuring that even if compromised in the future, no previous communication can be decrypted. Implementation of the HTTP Strict Transport Security header (HSTS) on all web connections directs modern browsers to connect only over encrypted channels. Additionally, all authentication cookies on our web platform are flagged as secure.

At Rest: Sensitive customer data at rest undergoes encryption using the robust 256-bit Advanced Encryption Standard (AES) Encryption specifics vary with the services you opt for. TORKEHUB owns and manages keys through an in-house Key Management Service (KMS). An additional layer of security is added by encrypting data encryption keys using master keys. These master keys and data encryption keys are physically separated and stored in different servers with restricted access.

We retain data in your account for the duration of your TORKEHUB services usage. upon termination of your TORKEHUB user account, your data is expunged from the active database during the subsequent cleanup, occurring every 6 months. data deleted from the active database is further removed from backups after 3 months. In instances where your unpaid account remains inactive for a continuous period of 120 days, we reserve the right to terminate it, providing prior notice and an option to back up your data.

A verified and authorized vendor conducts the disposal of unusable devices, which are categorized and securely stored until disposal. any information within these devices is formatted before disposal. failed hard drives undergo degaussing followed by physical destruction using a shredder. failed solid state devices (SSDs) undergo crypto-erasure before being shredded.

Upon induction, each employee signs a confidentiality agreement and acceptable use policy. subsequently, they undergo training in information security, privacy, and compliance. evaluation of their understanding through tests and quizzes guides further training on specific security aspects based on their roles.

Continuous education on information security, privacy, and compliance is facilitated through our internal community, where regular check-ins occur to keep employees abreast of organizational security practices. Internal events are also hosted to enhance awareness and foster innovation in security and privacy.

At TORKEHUB, we uphold a robust logging and monitoring system, meticulously analyzing information derived from services, internal network traffic, and device usage. event logs, audit logs, fault logs, administrator logs, and operator logs are diligently recorded. these logs undergo automated monitoring and analysis to identify anomalies, such as unusual activity in employees' accounts or attempts to access customer data. stored on a secure server isolated from full system access, we manage access control centrally to ensure availability.

Comprehensive audit logging, encompassing all user-performed update and delete operations, is transparently available to our customers in every TORKEHUB service.

TORKEHUB employs an automated scanning system to rigorously scan all user files, preventing malware dissemination throughout our ecosystem. our custom anti-malware engine, regularly updated from external threat intelligence sources, scans files against blacklisted signatures and malicious patterns. our proprietary detection engine, integrated with machine learning techniques, ensures robust protection against malware.

Supporting domain-based message authentication, reporting, and conformance (DMARC) to prevent spam, we utilize SPF and DKIM for message authenticity verification. our proprietary detection engine combats abuse of TORKEHUB services, addressing phishing and spam activities. additionally, a dedicated anti-spam team monitors signals and manages abuse complaints.

TORKEHUB conducts incremental daily backups and weekly full backups of databases using the TORKEHUB admin console (TAC) for TORKEHUB's data centers. stored in the same location and encrypted with AES-256 bit algorithms, backup data is maintained in tar.gz format. all backups are retained for three months. upon customer request for data recovery within this retention period, data is restored, and secure access is provided. the restoration timeline depends on data size and complexity.

To enhance data safety, a redundant array of independent disks (RAID) is employed in backup servers. regularly scheduled and tracked, backups undergo automatic integrity and validation checks through the TAC tool.

From your perspective, we strongly recommend scheduling regular data backups by exporting them from the respective TORKEHUB services and storing them locally in your infrastructure.

TORKEHUB implements single sign-on (SSO), streamlining user access across multiple services through a unified sign-in page and authentication credentials managed by our integrated Identity and access management (IAM) service. additionally, we extend support for security assertion markup language (SAML), allowing customers to integrate their company's identity provider, such as LDAP or ADFS, during TORKEHUB services login.

SSO not only simplifies the login process but also ensures compliance, offers robust access control and reporting, and mitigates the risk of password fatigue, consequently reducing vulnerabilities associated with weak passwords.

Stringent measures are in place to govern administrative access. technical access controls and internal policies prohibit employees from arbitrarily accessing user data. adhering to the principles of least privilege and role-based permissions, we minimize the risk of data exposure.

Access to production environments is centralized and authenticated using a combination of robust passwords, two-factor authentication, and passphrase-protected SSH keys. this access is facilitated through a segregated network with stringent rules and fortified devices. additionally, we meticulously log all operations and conduct periodic audits to ensure compliance and security.