Security overview
Last updated: March 28, 2026
This overview summarizes how TuffOps, a product provided by CaribeSolutions Inc., approaches security for our cloud-based operations software. It is provided for general information and does not replace contractual commitments, which are set out in your order form or service agreement where applicable.
1. Security program
We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of data processed in the Services. We review and update our practices as our product and infrastructure evolve.
2. Data in transit and at rest
We use industry-standard encryption for data transmitted between your devices and our Services (for example, TLS). Data stored in our production environment is protected using encryption and access controls appropriate to the systems we operate.
3. Access control and authentication
Access to production systems and customer data is limited to authorized personnel who need it to operate and support the Services, and is subject to least-privilege principles. We support sign-in mechanisms appropriate to the product (such as passwords and, where offered, multi-factor authentication). Your organization controls user accounts and roles within the Services.
4. Hosting and subprocessors
We rely on reputable cloud infrastructure and service providers for hosting, monitoring, backups, and related functions. Subprocessors are engaged under agreements that require appropriate confidentiality and security measures. Details may be listed or updated in customer-facing documentation or your agreement.
5. Backups and availability
We employ backup and recovery practices intended to reduce the risk of data loss and to support continuity of service. No system is immune to failure; your organization should also maintain its own business continuity practices where appropriate.
6. Logging and monitoring
We log and monitor systems for operational performance, troubleshooting, and detection of potential security issues, in line with our privacy practices described in our Privacy Policy.
7. Vulnerability management and updates
We apply security patches and updates to our environment according to risk and operational needs. We may use automated tooling and manual review to identify issues in our applications and dependencies.
8. Incident response
If we become aware of a security incident that materially affects customer data, we will investigate, take steps to mitigate harm, and notify affected customers as required by law and contract.
9. Your responsibilities
Security is shared. Customers are responsible for:
- Maintaining strong passwords and safeguarding credentials;
- Managing users, roles, and permissions in line with internal policy;
- Ensuring devices used to access the Services are patched and protected;
- Using the Services only for lawful purposes and in compliance with applicable regulations for their industry and jurisdiction.
10. Reporting security issues
If you believe you have found a security vulnerability in the Services, please report it to security@tuffops.com with enough detail for us to reproduce the issue. We ask that you do not perform testing that could degrade service for other customers.