# Privacy & Security

ToggleX processes sensitive workflow data, and we treat that responsibility seriously. Here's how your data is protected at every layer.

#### Encryption

All user data is encrypted using AES (Advanced Encryption Standard) before it ever leaves your browser. Each user gets a unique encryption key, meaning even if data were intercepted in transit, it would be unreadable without your specific key.

#### Infrastructure

ToggleX runs on Microsoft Azure inside a secured Virtual Network (VNet). Every service operates in its own isolated subnet with strict traffic rules — services can only communicate with what they need to, and nothing more.

Key architectural decisions:

* **Application Gateway** — The single entry point to our system. All external traffic passes through here and nowhere else.
* **Isolated AI model** — The AI model that processes your data sits in its own subnet. It is the only service that can access the main database. It has no public IP address and cannot be reached from outside the network.
* **Receive-only ingestion** — Our data ingestion service accepts incoming data but never sends responses back to the external network. This eliminates an entire class of data exfiltration risks.
* **Azure Firewall** — Monitors and controls all traffic at the network perimeter, blocking unauthorized access including traffic from known threat networks.
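
The rules in this list can be checked mechanically against a default-deny allow-list. The sketch below is an added example, not ToggleX's code or configuration. The subnet names, ports, the intermediate `queue` subnet, and the rule table are all constructed for illustration.

```python
# Added example: audit a subnet allow-list against the invariants listed above.
# All subnet names, ports and rules are constructed; they are not ToggleX's config.

EXTERNAL = "internet"

# (source, destination, port): each tuple is one permitted flow.
# Anything absent from the list is denied (default-deny).
RULES = [
    ("internet", "app-gateway", 443),
    ("app-gateway", "ingestion", 8443),
    ("ingestion", "queue", 5671),
    ("ai-model", "queue", 5671),
    ("ai-model", "database", 5432),
]


def audit(rules, gateway="app-gateway", database="database",
          db_client="ai-model", ingestion="ingestion"):
    """Return human-readable violations of the three network invariants."""
    findings = []
    for src, dst, port in rules:
        # Single entry point: external traffic may only target the gateway.
        if src == EXTERNAL and dst != gateway:
            findings.append(f"external traffic reaches {dst}:{port} directly")
        # Only the AI model subnet may open connections to the database.
        if dst == database and src != db_client:
            findings.append(f"{src} can reach the database on port {port}")
        # Receive-only ingestion: no permitted flow from ingestion to the outside.
        if src == ingestion and dst == EXTERNAL:
            findings.append(f"ingestion can send to the external network on port {port}")
    return findings


def reachable_from(rules, start):
    """Subnets to which connections can be opened, hop by hop, from one subnet."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for src, dst, _ in rules:
            if src == node and dst not in seen and dst != start:
                seen.add(dst)
                stack.append(dst)
    return seen


if __name__ == "__main__":
    print(audit(RULES))
    print(reachable_from(RULES, "ingestion"))
```

`reachable_from` gives the set of subnets a defender should review when one subnet is assumed compromised; an empty `audit` result means the rule set satisfies the three stated constraints.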

#### Why this architecture matters

**Isolation** — If any single service were compromised, the breach would be contained to that service's subnet. It cannot spread laterally across the network.

**Minimal attack surface** — Each subnet only allows the traffic it absolutely needs. Fewer open pathways means fewer potential entry points for attackers.

**Granular access control** — Each service has its own security policies tailored to its specific role. No blanket permissions.

**Faster threat detection** — Monitoring isolated subnets is far easier than monitoring a flat network. Anomalies are spotted quickly in smaller, controlled environments.

#### Compliance

Our architecture aligns with best practices under **ISO/IEC 27001**, including strict network segmentation, role-based access control, and system isolation for critical services.


