Tonguestun Data Security
Physical security
The TongueStun development center in Bangalore is under 24x7 security protection. Critical locations in the shared office are accessible only to authorized individuals. Important documents are stored in cabinets that can only be accessed by pre-authorized individuals. The office is equipped with surveillance cameras and their footage is monitored. Fire alarms and water sprinklers are in place to detect and mitigate damage in the unlikely event of a fire. A policy has been implemented to approve and regulate visitor access to the building. The office is provided with 24x7 power supply, supported by an alternative uninterrupted power supply system to ensure smooth functioning in the event of power failure. TongueStun hosts its application and data in industry-leading Amazon Web Services, whose data centers have been thoroughly tested for security, availability and business continuity.
Application security
All of TongueStun products are hosted in Amazon Web Services. The infrastructure for databases and application servers is managed and maintained by Amazon. At TongueStun, we take a multifaceted approach to application security, to ensure everything from engineering to deployment, including architecture and quality assurance processes complies with our highest standards of security.
Application Architecture
The application is initially protected by firewall which is equipped to counter regular DDoS attacks and other network related intrusions. The second layer of protection is TongueStun own internal firewall which prevent external IPs, users and spam. While the application can be accessed only by users with valid credentials, it should be noted that security in cloud-based products is a shared responsibility between the company and the individuals who own those accounts on the cloud.

It should be noted that all account passwords that are stored in the application are one-way hashed and salted.

TongueStun uses a micro service model to host all its applications.

Our database resides within an internal network in AWS. It’s set not to be accessed from anywhere other than the application. Also it’s password protected. The database is hosted with a feature called multi zone availability - which ensures a standby copy of the database is available in a different zone just in case of failure. Apart from these, AWS performs daily backups. Our application is designed to make use of scopes - only his own records can be manipulated by a user. So even if a user tries to misuse any credentials, his own data will be affected. Data of rest of the users will be secure.
Application Engineering and Development
Our lead engineers are trained in industry-leading secure coding standards and guidelines to ensure our products are developed with security considerations from the ground-up. A security review is a mandatory part of application engineering (development and construction) process at TongueStun.
Quality Assurance
Besides functional validation and verification, the quality assurance process at TongueStun also subjects application updates to a thorough security validation. The validation process is performed by an external dedicated app security team with ethical hackers whose goal is to discover and demonstrate vulnerabilities in the application.
Deployment & Post Deployment
Deployments to production servers are performed only by trusted and authorized engineers. Only very few pre-authorized engineers have access to TongueStun production environment. An information security team carries out periodic comprehensive tests. The tests are performed with the help of static analysis tools and aided by manual analysis.
Data Security
Our database resides within an internal network in AWS. It’s set not to be accessed from anywhere other than the application. Also it’s password protected. The database is hosted with a feature called multi zone availability - which ensures a standby copy of the database is available in a different zone just in case of failure. Apart from these, AWS performs daily backups. Our application is designed to make use of scopes - only his own records can be manipulated by a user. So even if a user tries to misuse any credentials, his own data will be affected. Data of rest of the users will be secure.
Network Security
All TongueStun products are hosted in AWS, with security managed by Amazon.
Regulatory Compliance
The third party payment processor used by TongueStun is PCI compliant, meaning credit card data is securely stored and processed. As the processors of personal information on behalf of our customers, we follow their instructions with respect to the information they control to the extent consistent with the functionality of our service. In doing so, we implement industry standard security, technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, personal information as more fully described in

Our data centers are hosted in AWS who are ISO 27001, SSAE-16 and HIPAA compliant.
Reporting issues and threats
If you have found any issues or flaws impacting the data security or privacy of TongueStun users, please write to security@tonguestun.in with the relevant information so we can get working on it right away.

Your request will be looked into immediately. We might ask for your guidance in identifying or replicating the issue and understanding any means to resolving the threat right away. Please be clear and specific about any information you give us. We deeply appreciate your help in detecting and fixing flaws in TongueStun, and will acknowledge your contribution to the world once the threat is satisfiable resolved.
Get in touch with us
If you have any questions or doubts, feel free to get in touch with us at techsupport@tonguestun.com, and we’ll get back to you right away.