As a tuto user, all your data is stored in our secure cloud environment, hosted by
Amazon Web Services. Geographically, the data is in the eu-west-1 region, Ireland.



On all of the recordings of our session, by default, the users’ personal data and texts are
masked, and you have the option to unmask part of it. The data is masked on the client-side, the user’s browser, before recording, which means it never reaches us
servers and DB’s.

When a new user arrives, we assign a unique user identifier (UUID), so we can keep
track of returning users, without saving any personal data and information, like IP

Given a UUID, all data can be deleted for this specific user.

GDPR Compliant.


tuto transits all the data from the user’s browser to tuto’s servers using HTTPS
All data pin transit between user’s browser and our cloud environment is encrypted
using HTTPS over TLS 1.2 (can be verify by an independent inquire that performs
via SSL Labs)


Using AWS Cognito for users’ login and authentication, without saving the password anywhere else.

All data stored in AWS S3 and RDS, which encrypted and private (except the CDN,
which has to be public for using from your website)

By default, all tuto’s server’s security configurations are set to deny-all on
connections inside the Virtual Private Cloud (VPC), except the required ports and
services, managed through Security Groups in our cloud environment.
tuto uses AWS to store our client’s data. For AWS certifications and audit
ISO-27001 Certification for AWS:
SOC2 third-party audit reports for AWS:



tuto’s script loads after the window is loaded – never delay your application


The script can only harm itself – if there is some problem (caught and
uncaught) with the script, tuto features may stop work, but your application will
work great like always

tuto API server workload is on a high standard (stored in Amazon Web Server).
ready for scale when needed, and shrink when not, giving your users and you
the best experience regards the actual workload.