Security and Compliance at TCG Cloud


Robust Infrastructure

Robust Infrastructure

The computing framework of TCG Cloud is hosted on Azure, a robust platform for cloud services. The physical components of Azure are certified by standards including SOC2, ISO/IEC 27001, and PCI DSS, among others, demonstrating its dedication to maintaining a secure, reliable, and regulatory-compliant environment. These certifications affirm that Azure's facilities and offerings are in strict alignment with critical industry norms and practices, ensuring the protection of client information and the achievement of operational excellence.

Controlled Access

Controlled Access, Logging, and Monitoring

Entry to our core infrastructure mandates the use of multi-factor authentication and is confined to specifically permitted staff. We restrict the visibility of customer information to only those employees who require it to deliver support and address issues on behalf of the customer. The approach to accessing customer information is strictly based on necessity.

All access to TCG Cloud systems and customer data is logged and monitored. We employ automated tools to detect suspicious activity and ensure that only authorized personnel access sensitive information. Regular reviews of access logs are conducted to identify and respond to potential security incidents promptly.

Protection of Data

Protection of Data & Privacy

We ensure that all sensitive information remains encrypted when stored, utilizing AES encryption. Additionally, we employ secure hashing for all user passwords, ensuring that they are never preserved in an unencrypted format.

TCG Cloud is committed to protecting the privacy of our customers and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR). We provide transparency regarding the collection, use, and storage of personal data, and support data subject rights such as access, rectification, and erasure. For privacy-related inquiries, please contact privacy@tcgprocess.com.

In-Transit Encryption

In-Transit Encryption

Interactions between our clients and our servers are safeguarded through 128-bit SSL/TLS encryption. For data in transit to and from our application servers, we adhere to the encryption protocols regarded as standard across the industry.

DDoS Mitigation

DDoS Mitigation, Continuous Monitoring, and Automated Security

TCG Cloud employs Azure's DDoS protection feature to defend its platform from Distributed Denial of Service disruptions. This incorporation bolsters security, guarantees continuous operation, and provides steadfast safeguarding of user data, underlining TCG Cloud's pledge to security and reliability.

We leverage continuous monitoring and automated security controls to maintain a strong security posture. Our systems are regularly scanned for vulnerabilities, and automated alerts are in place to notify our security team of any anomalies or threats.

Cybersecurity Education

Cybersecurity Education & Employee Background Checks

Mandatory cybersecurity training is in place for all staff at TCG Cloud, tailored specifically to address the risks inherent in cloud-based infrastructures. This training encompasses best practices in the industry, focusing on common cyber threats such as phishing, password security, and safe handling of attachments.

All TCG Cloud employees undergo background checks in accordance with local laws and regulations as part of our hiring process. This helps ensure that only trustworthy individuals have access to our systems and customer data.

Intrusion Testing

Intrusion Testing & Vulnerability Disclosure

Routine penetration assessments are carried out to evaluate our security stance and reveal any potential weak points, engaging the expertise of a neutral, certified external VAPT provider.

We encourage responsible disclosure of security vulnerabilities. If you believe you have discovered a vulnerability in TCG Cloud, please contact us at cloud.support@tcgprocess.com. Our team will investigate all legitimate reports and respond as quickly as possible.

Policy for Incident Management

Policy for Incident Management

A stringent protocol is established detailing our approach to managing security incidents and outlining the response procedures of our team.

Operational Resilience and Third-Party Assurance

Operational Resilience and Third-Party Assurance

Regular evaluations and updates are performed for third-party software and services. We promptly implement solutions for identified vulnerabilities, adhering to predetermined Service Level Agreements (SLAs).

We carefully assess and monitor the security practices of our third-party vendors and service providers. All vendors with access to sensitive data are required to meet our security and compliance standards, and are subject to regular reviews.

TCG Cloud maintains comprehensive business continuity and disaster recovery plans to ensure the availability and resilience of our services. Regular testing and updates of these plans are conducted to minimize the impact of potential disruptions and to ensure rapid recovery.

Customer Security Responsibilities

Customer Security Responsibilities

Security is a shared responsibility. While TCG Cloud provides a secure and compliant platform, customers are responsible for managing access to their accounts, safeguarding credentials, and following best practices for application and data security within their own environments.

Last updated: March 30, 2026