Security
Your data security is our top priority. ToolEquip employs industry-standard security measures to protect your information.
Data Encryption
All data in ToolEquip is protected with strong encryption:
- In Transit — All traffic is encrypted using TLS 1.3. We support only strong cipher suites and regularly audit our SSL configuration.
- At Rest — All stored data is encrypted using AES-256. Database backups are also encrypted with separate keys.
- API Encryption — All API calls require HTTPS. API keys are stored hashed and salted.
Authentication
Multiple authentication options are available:
- Password-based — Strong password policies with PBKDF2 hashing (100,000 iterations)
- Two-Factor Authentication — TOTP-based 2FA using authenticator apps
- Single Sign-On — SAML 2.0 and OIDC support for Enterprise plans
- Session Management — Secure HTTP-only cookies with automatic timeout after inactivity
Access Control
Granular role-based access control ensures users only see what they need:
- Five predefined roles from Viewer to Owner
- Location-based restrictions for multi-site organizations
- Category-based restrictions for sensitive tool categories
- Audit logs track every access and action
Infrastructure Security
ToolEquip runs on Cloudflare's global network:
- DDoS protection at the network edge
- Web Application Firewall (WAF) blocking OWASP Top 10 threats
- Rate limiting on all API endpoints
- Regular penetration testing by third-party security firms
- 24/7 security monitoring and incident response
Compliance
ToolEquip maintains compliance with major security standards:
- SOC 2 Type II — Annual audit of security, availability, and confidentiality controls
- GDPR — Full compliance with EU data protection requirements
- CCPA — Compliance with California Consumer Privacy Act
- HIPAA — Business Associate Agreement available for healthcare customers (Enterprise)
Data Backups and Disaster Recovery
Your data is protected with:
- Automated daily backups with 30-day retention
- Cross-region replication for disaster recovery
- Recovery Point Objective (RPO) of 1 hour
- Recovery Time Objective (RTO) of 4 hours
- Regular disaster recovery testing
Reporting Vulnerabilities
If you discover a security vulnerability, please report it to security@tool-equipment-management.com. We offer a bug bounty program for validated findings. We commit to acknowledging receipt within 24 hours and providing an initial assessment within 72 hours.