Certificates
Legal professionals handle some of the most sensitive information. Toorey is built from the ground up with enterprise-grade security to protect that trust.
Last updated: February 1, 2026
Independently verified
Our security practices are regularly audited by independent third parties to ensure we meet the highest standards.
SOC 2 Type II
Independently audited security controls and practices
GDPR Compliant
Full compliance with EU data protection regulations
CCPA Compliant
Meeting California Consumer Privacy Act requirements
Data Protection
Encryption at rest
All data is encrypted using AES-256, the same standard used by banks and government agencies.
Encryption in transit
All data transmitted to and from Toorey is protected with TLS 1.3 encryption.
Key management
Encryption keys are managed through a dedicated key management service with automatic rotation.
Access Control
Role-based permissions
Granular access controls let you define exactly who can see and do what.
Single sign-on (SSO)
Integrate with your identity provider for centralized authentication management.
Multi-factor authentication
Require MFA for all users with support for authenticator apps and hardware keys.
Infrastructure
Redundant infrastructure
Data is replicated across multiple availability zones for high availability.
Continuous backups
Automated backups with point-in-time recovery for the past 30 days.
Global CDN
Fast, secure access from anywhere with a global content delivery network.
Monitoring & Compliance
Complete audit logs
Every action is logged with user, timestamp, and details for compliance reporting.
Threat detection
Real-time monitoring for suspicious activity and automated threat response.
Vulnerability scanning
Regular penetration testing and vulnerability assessments by third-party security firms.
Security FAQ
Common questions about how we protect your data.
Where is my data stored?
All data is stored in SOC 2-certified data centers in the United States. Enterprise customers can choose data residency in the US, EU, or other regions.
Who has access to my data?
Only authorized Toorey employees with a specific business need can access customer data, and all access is logged and audited. We never sell or share your data with third parties.
What happens if there's a data breach?
We have comprehensive incident response procedures. In the event of a breach, affected customers will be notified within 72 hours with full details of the incident and remediation steps.
Can I export my data?
Yes. You own your data and can export it at any time in standard formats. We also provide data portability assistance for customers leaving the platform.
Do you have a bug bounty program?
Yes. We work with security researchers through our bug bounty program to identify and fix vulnerabilities. Contact security@toorey.com for details.