Data Security

Cryptocurrency & Custody Security

Classification: External / Client-Facing

Contact: security@toku.com

Non-Custody Model

Toku operates on a strict non-custody model. This is an architectural decision, not a policy choice. Toku never takes custody or control of client funds. Clients select their custody provider and keep full control of private keys and transaction approval.

Toku's role is to calculate payroll settlement amounts, propose transactions to the custody platform, and confirm settlement after client-approved execution. Toku does not hold funds, private keys, or signing authority at any point.

Transaction Flow

Digital asset payment workflows follow a strict approval chain:

  1. Preparation: Toku prepares payment instructions based on authorized payroll data.
  2. Proposal: Toku submits the transaction instruction to the client's custody provider via authenticated API, including recipient wallet address, amount, and internal reference ID.
  3. Client Approval: The client reviews and approves the transaction through their custody provider's interface, typically using multi-signature or policy-engine approval.
  4. Execution: The custody provider executes the approved transaction on the blockchain.
  5. Confirmation: Toku confirms settlement and updates payment records with the transaction hash and timestamp.

Toku cannot unilaterally execute any transaction. Client approval is enforced at the custody platform level, outside of Toku's infrastructure.

Asset and Network Controls

Asset and network configuration is governed through client-controlled custody settings, scoped API credentials, and approval workflows. Toku records the asset, network, amount, transaction hash, timestamp, and status needed for reconciliation and auditability.

Custody Provider Security Review

Custody providers are reviewed for security posture, access-control capabilities, API credential handling, approval workflows, and relevant compliance evidence before use in customer workflows.

Each integration uses scoped API credentials that can propose transactions but cannot sign or execute them.

Wallet Security

Employee wallet addresses are collected through the Toku platform and stored encrypted (AES-256 at rest). Wallet addresses are used exclusively for routing approved payments. Toku does not have access to employee private keys or the ability to move funds from employee wallets.

Blockchain Transaction Integrity

All completed transactions are recorded with the on-chain transaction hash, providing an immutable, independently verifiable record of every payment. Clients and employees can verify any transaction directly on the relevant blockchain explorer.

Separation of Duties

The non-custody model creates a natural separation of duties. Toku handles calculation and proposal. The client handles approval and execution through their custody provider. No single party can unilaterally move funds. This is enforced at the infrastructure level, not by policy alone.