Skip to main content

onroi

Security & Compliance

Built with reliability and privacy in mind.

Security is part of our product foundation: authentication options, role controls, workspace isolation, and audit-friendly operations. We continually improve controls as our platform grows.

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Database backups are encrypted and stored in geographically redundant locations. API tokens and secrets are stored using secure hashing and never logged in plain text.

Authentication

onroi supports email and password authentication with optional two-factor authentication via TOTP. Social login is available through Google, GitHub, and other OAuth providers. All sessions are managed with secure, HTTP-only cookies and automatic expiry.

Workspace Isolation

Each workspace is a fully isolated tenant. Users can only access workspaces they have been explicitly invited to, and all queries are scoped to the active tenant. Role-based access control ensures owners, admins, and members have appropriate permissions.

Compliance Goals

We are working toward SOC 2 Type II compliance and follow OWASP security best practices throughout our development lifecycle. We conduct regular dependency audits and apply security patches promptly. Our infrastructure runs on managed cloud services with industry-standard certifications.

Responsible Disclosure

If you discover a security vulnerability, please report it to us through our contact page. We take all reports seriously, investigate promptly, and will work with you to understand and resolve the issue. We do not pursue legal action against good-faith security researchers.

Contact us about security