Requestor’s Guide to Data Protection
To ensure the security and confidentiality of your data when using Toloka, follow these best practices before uploading any personal or confidential data to the platform.
1. Anonymize or Pseudonymize Data Before Uploading
Whenever possible, replace personal identifiers with anonymized or pseudonymized values to minimize risks.
Example:
Instead of uploading raw customer data like:
"John Smith, john.smith@email.com, +1 234 567 8900"
Use pseudonymization techniques:
"User_12345, masked@email.com, +1 XXX XXX XXXX"
This way, even if a dataset is exposed, individual identities remain protected.
2. Limit Data to What is Strictly Necessary
Only upload the minimum amount of personal or sensitive data needed for your specific task.
Example:
- Do upload only necessary fields (e.g., transaction amounts, dates).
- Don’t upload full names, emails, or phone numbers if they are not needed.
3. Protect Access Credentials (Tokens, API Keys)
Create dedicated tokens for Toloka.
Do not use tokens provided to us in other systems and services.
Reusing tokens outside of Toloka increases security risks, and we cannot ensure their confidentiality if they are used elsewhere.
Use tokens with minimal necessary permissions for each specific task.
Example:
If your token provides access to multiple datasets, generate a separate token with the minimal required permissions for each specific task instead of using a single token for all actions.
4. Review and Verify Data Before Uploading
Before uploading, double-check that you are not unintentionally sharing sensitive or unnecessary information.
Example:
Check: Does your file contain confidential notes that shouldn't be uploaded?
Verify: Are there hidden metadata or comments that contain sensitive details?
Confirm: Are the correct access permissions set before submitting?
5. Use Secure Connections When Uploading Data
Always ensure that data is transferred using a secure and encrypted connection (e.g., HTTPS) to prevent unauthorized interception.
Example:
- Do use: A verified secure internet connection (avoid public Wi-Fi when uploading).
- Don't use: Untrusted third-party tools that may compromise your data.
By following these best practices, you reduce risks and enhance security while using Toloka.
Create dedicated tokens for Toloka.
Do not use tokens provided to us in other systems and services.
Reusing tokens outside of Toloka increases security risks, and we cannot ensure their confidentiality if they are used elsewhere.
Use tokens with minimal necessary permissions for each specific task.
Example:
If your token provides access to multiple datasets, generate a separate token with the minimal required permissions for each specific task instead of using a single token for all actions.
6. Ensuring File Type Accuracy in Uploaded Documents
Always verify that the uploaded file type matches the expected format. If you requested a specific file type, such as a spreadsheet, ensure the received file is in .xlsx or .csv format.
Example:
You request assistance in preparing a tax declaration and expect a structured document in .xlsx or .pdf format. However, the received file is named tax_declaration.exe, which is neither a valid document type nor appropriate for the requested task. Accepting such a file could pose security risks, including potential malware threats or data corruption. To ensure accuracy and safety, always verify that the file format aligns with your original request before opening or processing it.
