Encryption Standards
Encryption in Transit
All data transmitted to and from Toku's platform is encrypted using TLS 1.3. This covers browser sessions on the admin dashboard, API-to-API integrations with HRIS, payroll, and custody platforms, internal service-to-service communication, and webhook/callback payloads.
Toku enforces a minimum of TLS 1.2 and rejects connections using deprecated cipher suites. HSTS (HTTP Strict Transport Security) is enabled on all public endpoints.
Encryption at Rest
All database records containing employee PII, compensation data, wallet addresses, and payment records are encrypted using AES-256 at the storage layer. File system encryption is enabled on all volumes hosting application data. Backups are encrypted with AES-256 using separate key management from production systems.
Key Management
Encryption keys are managed through the cloud provider's key management service with automatic key rotation. Application-level secrets including API credentials and integration tokens are stored in encrypted secret management infrastructure. Secrets are never committed to source code, logged in application logs, or exposed in error messages.
All API credentials for client integrations are stored encrypted and are rotated on a defined schedule or immediately upon any suspected compromise.
Hashing
Personal API tokens are hashed with SHA-256 before storage. Password reset tokens are generated with a cryptographically secure random number generator (crypto.randomBytes), not a non-cryptographic pseudorandom function.
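The following Node.js sketch illustrates the two practices described above. It is an added example, not Toku's code. The in-memory stores, the tokenId.secret format, the token sizes, the 15-minute expiry, and hashing the reset token before storage are all assumptions. Unsalted SHA-256 is appropriate here only because the tokens are high-entropy random values, unlike passwords.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();

// Hypothetical stand-ins for database tables.
const tokenStore = new Map(); // tokenId -> { userId, digest }
const resetStore = new Map(); // hex digest -> { userId, expires }

// Issue a personal API token. The plaintext is returned to the caller once;
// only the SHA-256 digest of the secret part is stored.
function issueApiToken(userId) {
  const tokenId = crypto.randomBytes(8).toString('hex');  // non-secret lookup key
  const secret = crypto.randomBytes(32).toString('hex');  // 256 bits from the CSPRNG
  tokenStore.set(tokenId, { userId, digest: sha256(secret) });
  return `${tokenId}.${secret}`;
}

// Verify a presented token: look up by id, hash the secret, and compare
// digests in constant time. Returns the userId or null.
function verifyApiToken(presented) {
  if (typeof presented !== 'string') return null;
  const dot = presented.indexOf('.');
  if (dot <= 0) return null;
  const record = tokenStore.get(presented.slice(0, dot));
  if (!record) return null;
  const candidate = sha256(presented.slice(dot + 1));
  return crypto.timingSafeEqual(candidate, record.digest) ? record.userId : null;
}

// Password reset token: generated with crypto.randomBytes, stored hashed,
// time-limited and single use.
function issueResetToken(userId, ttlMs = 15 * 60 * 1000, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  resetStore.set(sha256(token).toString('hex'), { userId, expires: now + ttlMs });
  return token;
}

function redeemResetToken(token, now = Date.now()) {
  const key = sha256(String(token)).toString('hex');
  const record = resetStore.get(key);
  if (!record) return null;
  resetStore.delete(key); // consumed on first use, even if already expired
  return now <= record.expires ? record.userId : null;
}
```

A database dump of either store yields only digests, which cannot be replayed as credentials.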
Data We Collect
Toku collects only the data required for payroll processing and employment administration. The table below covers every category of data Toku stores.
| Data Category | Specific Fields | Source System | Purpose |
|---|---|---|---|
| Employee Identity | First name, last name | HRIS | Match payroll records to custody transactions; display in admin dashboard |
| Employee Contact | Email address | HRIS | Platform login, notifications, pay stub delivery |
| Employee Address | Street address, city, state/province, postal code, country | HRIS | Tax jurisdiction determination, regulatory compliance |
| Compensation | Base salary, compensation currency | HRIS | Payment calculations, deduction validation |
| Payroll Cycle Data | Pay period dates, gross pay, net pay, itemized deductions, pay frequency | Payroll Platform | Calculate settlement amounts, reconciliation |
| Wallet Addresses | Blockchain wallet address(es), network type | Custody Platform | Route approved payments to verified employee wallets |
| Payment Records | Transaction hash, settlement amount, asset type, timestamp, status | Custody Platform | Payment confirmation, reconciliation, audit trail |
| Authentication Data | Hashed password, MFA seed (encrypted), session tokens | Toku Platform | Secure platform access |
| Audit Logs | Login timestamps, IP addresses, actions performed, API calls | Toku Platform | Security monitoring, compliance auditing |
Data Flow Architecture
Inbound Data (HRIS and Payroll to Toku)
Data syncs from HRIS and payroll platforms to Toku over encrypted API connections using OAuth 2.0 authentication. Each API credential is scoped to read-only access with least-privilege permissions. Syncs run on a cadence aligned to each client's pay cycle. No write-back occurs to the HRIS or payroll platform.
Outbound Data (Toku to Custody Platform)
Toku submits transaction instructions through authenticated API calls. Transaction instructions include the recipient wallet address, amount, and an internal reference ID. The client's custody platform requires the client's own approval before any funds move. Toku's API credential cannot unilaterally execute transactions.
Data Retention
Data is retained for the duration of service plus a post-termination period per Toku's data retention policy. Payroll and payment records are retained in alignment with applicable tax authority requirements. Audit logs are retained for a minimum of 90 days in active storage and 1 year in archives, with critical security logs retained for 7 years.
Clients may request deletion of their organization's data in accordance with applicable data protection regulations (GDPR, CCPA/CPRA). Deletion requests are confirmed in writing and processed per Toku's data retention policy.
Data in Non-Production Environments
Toku implements strict controls to keep production data out of non-production environments. Automated data masking replaces confidential fields. PII is scrubbed before non-production use. Development, test, and staging environments have production-equivalent security. Network isolation prevents direct connectivity to production databases.
AI and Data Processing
Toku does not process PII or proprietary customer data through AI systems. Internal AI use is limited to non-customer-data workflows, and access to those workflows is governed by Toku security policies.