Trust & Security

Tommy is on a mission to improve work-life-balance
and keeping your trust is critical to this mission.
privacy

Privacy

Privacy by design is second nature at Tommy. Our privacy policies are designed to protect your and your customers’ data and we hold frequent audits on how we can do better.

commits

Reliability

Tommy commits to 99.99% uptime and only works with stable and highly-vetted third-party vendors such as AWS and Stripe to ensure our services are always available.

security

Security

We protect your data with encryption and hold regular audits. Tommy keeps up-to-date on security measures to provide a high level of resiliency from identified risks.

server

Infrastructure

Tommy servers are all hosting in the cloud with Amazon Web Services (AWS).
AWS have strong safeguards in place to physically and digitally protect customer privacy.
  • AWS ensures that data is encrypted in transit with TLS across all servers.
  • Data is stored in highly secured AWS data centres.
lock

Protecting Data

Protecting your and your customers’ data is a constant at Tommy.
  • Data is backed up daily, sometimes more frequently than that.
  • All access to the Tommy service is restricted to HTTPS encrypted connections.
  • We don’t store credit card or payment details. This is strictly stored and managed by Stripe. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available.
  • User passwords are encrypted. Passwords are never stored in plain text.
tommy icon

Team Tommy Access

Access to infrastructure and other aspects of the Tommy environment, as well as customer data, is strictly limited to those within our team that absolutely need it.
  • Only our Engineering team has access to the production environment.
  • SSH keys are required for console access to servers in all of our environments.
  • We practice a minimal viable access to keep data limited to the scope of an employee. We often only enable access to aggregated snapshots of customer data for Tommy operations to understand and identify performance, financial and business insights.
  • Individual customer records are only accessed if operationally necessary. For example, to carry out a customer support request or resolve a significant system issue.
security report

How to Report a Security Issue?

To Report an incident of suspected misuse, abuse, or a security issue you have discovered you should contact security@mytommy.com immediately. For issues that affect a single account, please reach out to us via our usual support channels.

  • Tommy will acknowledge your report, usually within 1 business day.
  • A point of contact will be assigned. This person will be responsible for keeping track of the issue, as well as keeping you updated. Please note that this person may need to liaise with you to better understand the reported issue and the circumstances around it.
  • We will investigate the issue, determine the impact, and plan a resolution where necessary.
  • In most cases, for security reasons it is likely that we will be unable to disclose details of the issue until our investigation has been complete.
  • Once the issue has been resolved, we will likely post an update along with thanks and credit for the discovery.
mail

Contact Us

Have a question or concern? Please email us at security@mytommy.com

Get Started Today

Join teams across the world using Tommy to schedule faster, communicate better and get things done.

14 days free trial

Start Free Trial

Try the 14 day FREE trial of Tommy Plus with no credit card required.

    money

    See Pricing

    From our famous free forever plan to enterprise, we’ve got you covered.
    See Pricing

    missing-heading