Security

Toucan’s websites and web applications aim to support business and solidarity networks in achieving their mission, through digitization and mutualization, while respecting the autonomy of each.

We protect your data
All data is written instantly to multiple disks, backed up automatically and remotely at least once an hour.

Your data is sent via HTTPS
Every time your data is in transit between you and us, everything is encrypted and sent via HTTPS (sha256RSA 2048 bit). In our private networks protected by a firewall, data can be transferred unencrypted. We maintain an A+ certification from Qualys / SSL Labs.

Data Storage
Uploaded files are hosted in private containers with redundant infrastructure. Data captured through our software applications is stored in our databases and is subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted.

Redundancy for all major systems
Our systems are designed to remain operational even in the event of a multiple server failure.

Sophisticated physical security
Our data centers are located in Canada. We are committed to working only with data center providers that maintain state-of-the-art access control, including video surveillance, security, access lists and exit procedures.

We protect your billing information
All credit card transactions are processed using secure encryption, the same level of encryption used by major banks. Card information is securely transmitted, stored and processed on a PCI compliant network.

Regularly updated infrastructure and constant monitoring
Our software infrastructure is regularly updated with the latest security patches. Our products run on a dedicated network that is locked down with firewalls and carefully monitored. We use third-party security tools to continuously scan for vulnerabilities.

Availability and reliability
Our application is available 24/7. Our goal is to maintain a monthly availability of at least 99.99%, we maintain a history of incidents and service availability metrics on our status site: https://status.toucanhq.com

Access and authentication
User passwords are stored as a hashed string with the Bcrypt algorithm. Toucan respects and implements the OAuth 2.0 and OpenID standards for all access authorizations to resources made available through its REST API.

Capacity
Our infrastructure is designed to be elastic, allowing it to evolve according to the usage rate of its various application modules. We monitor and evaluate the impact on our users of the critical points of our application in order to make possible performance improvements as quickly as possible.

Accountability
We keep an audit of changes made to business data. Each change is associated with the user who made it, the type of change (addition, modification, deletion), the differential of the change and a timestamp. The retention rules are defined in the service level of the contract (usually between 7 days and 90 days).

Efficiency
We are sensitive to the resources consumed and optimize our code to reduce its environmental impact.