Security

Technical and organizational measures

• Encryption in transit (TLS) and, when applicable, encryption at rest.
• Access control with least privilege and periodic permission reviews.
• Availability monitoring and activity logs for audit purposes.
• Logical separation of data between organizations (multi-tenant isolation).

Backups and continuity

We maintain backup routines and recovery plans to reduce the risk of data loss. The goal is to ensure fast service restoration in case of incidents.

Vulnerability management

We apply security updates, technical reviews, and development best practices to reduce attack surfaces. We also evaluate vulnerabilities reported by users and partners.

Incident response

In the event of a security incident, we follow a response plan to contain impact, investigate root cause, and restore service. When applicable, we notify customers and authorities as required by law.

Shared responsibility

Security also depends on proper platform usage. We recommend customers use strong passwords, enable two-factor authentication when available, and keep access control within their teams.

Vulnerability disclosure

If you find a vulnerability, report it with details so we can investigate quickly. Contact us at security@ontyx.app.