Security at Ondorse
Keeping our customers' data protected at all times is our highest priority.
Trust Center
For a full overview of our security posture, certifications, and compliance documentation, visit our Trust Center.
Company security
Ondorse is committed to the highest standards of information security:
- GDPR compliant: We process and protect personal data in accordance with EU data protection law.
- ISO 27001 certified: Our information security management system is independently certified.
- SOC 2 Type II: Annual audit by an independent auditor. Contact us to request the report.
- Security training: All employees follow recurring security training, enforced and monitored by Vanta.
- Penetration testing: Annual independent penetration testing of all our services.
Infrastructure security
Our infrastructure is built with security and resilience at its core:
- Hosted on AWS in Europe (ISO 27001, SOC 1, and SOC 2 certified)
- All data encrypted in transit using TLS 1.2+
- All data encrypted at rest using AES-256
- Business continuity plan including disaster recovery and automated data backups
Application security
Ondorse provides a range of controls to protect access to your workspace:
- Flexible authentication: SSO (Google, Azure AD, Okta, etc.), enterprise SSO via SAML, and MFA for password-based login
- Access control: Role-based access control (RBAC) and granular API key management
- Immutable audit trail: Every user interaction is recorded in a tamper-proof log
- On-premise data storage: Available for customers with strict data residency requirements
- Vulnerability management: Continuous scanning and regular penetration testing
Vulnerability disclosure
If you believe you've discovered a potential security vulnerability, please report it responsibly by emailing [email protected].
We take all reports seriously and aim to respond promptly.
