Security

Your security is our top priority. Learn about the measures we take to protect your data and ensure a safe experience.

Last updated: January 2025

End-to-End Encryption | SOC 2 Compliant | GDPR Compliant | 24/7 Monitoring

1. Our Security Commitment

At ORIS HUB™, security is not an afterthought—it's fundamental to everything we do. We are committed to protecting your data, maintaining your privacy, and ensuring the highest levels of security across our platform.

We understand that trust is earned through consistent, transparent security practices. That's why we invest heavily in security infrastructure, regular audits, and continuous monitoring to keep your data safe.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your devices and our servers is encrypted using industry-standard protocols:

  • TLS 1.3 encryption for all web traffic
  • HTTPS for secure communication
  • Perfect Forward Secrecy (PFS) to protect past sessions
  • Strong cipher suites and key exchange algorithms

2.2 Encryption at Rest

All data stored on our servers is encrypted using:

  • AES-256 encryption for data at rest
  • Encrypted database storage with separate encryption keys
  • Key management through secure, isolated systems
  • Regular key rotation and access controls

3. Access Controls and Authentication

We implement multiple layers of access control to ensure only authorized users can access your data:

  • Multi-Factor Authentication (MFA): Required for all administrative accounts and available for all users
  • Strong Password Requirements: Enforced complexity and length requirements
  • Role-Based Access Control (RBAC): Granular permissions based on user roles
  • Single Sign-On (SSO): Enterprise-grade SSO support with SAML 2.0
  • Session Management: Automatic session timeout and secure session handling
  • IP Whitelisting: Optional IP-based access restrictions
  • Audit Logging: Comprehensive logging of all access attempts and actions

4. Infrastructure Security

4.1 Cloud Infrastructure

Our infrastructure is built on industry-leading cloud platforms with:

  • Redundant data centers across multiple geographic regions
  • Automated backups with point-in-time recovery
  • Disaster recovery plans tested regularly
  • 99.9% uptime SLA with monitoring and alerting

4.2 Network Security

Our network is protected by:

  • Firewalls and intrusion detection systems (IDS)
  • DDoS protection and mitigation
  • Network segmentation and isolation
  • Regular security assessments and penetration testing

5. Compliance and Certifications

We maintain compliance with major security and privacy standards:

  • SOC 2 Type II: Certified for security, availability, and confidentiality
  • GDPR: Full compliance with European data protection regulations
  • CCPA: Compliance with California Consumer Privacy Act
  • ISO 27001: Information security management system certification
  • HIPAA: Healthcare data protection compliance (for applicable services)

We undergo regular third-party security audits and assessments to maintain our certifications and ensure continuous improvement of our security posture.

6. Vulnerability Management

We maintain a proactive vulnerability management program to identify, assess, and remediate security vulnerabilities:

  • Regular automated security scanning of our codebase and infrastructure
  • Third-party security assessments and penetration testing
  • Bug bounty program for responsible disclosure
  • Rapid response team for critical security issues
  • Regular security patches and updates
  • Dependency scanning and management

If you discover a security vulnerability, please report it to security@orishub.com. We appreciate responsible disclosure and will work with you to address any issues.

7. Data Backup and Recovery

We implement comprehensive backup and recovery strategies to protect your data:

  • Automated daily backups with point-in-time recovery
  • Backups stored in geographically distributed locations
  • Encrypted backup storage with separate encryption keys
  • Regular backup restoration testing
  • Retention policies aligned with business requirements
  • Disaster recovery plans with documented RTO and RPO targets

Our recovery time objective (RTO) is less than 4 hours, and our recovery point objective (RPO) is less than 1 hour for critical systems.

8. Monitoring and Incident Response

8.1 Continuous Monitoring

We maintain 24/7 security monitoring through:

  • Real-time security event monitoring and alerting
  • Intrusion detection and prevention systems
  • Log aggregation and analysis
  • Anomaly detection using machine learning
  • Security information and event management (SIEM)

8.2 Incident Response

We have a dedicated security incident response team that:

  • Responds to security incidents within defined SLAs
  • Follows documented incident response procedures
  • Conducts post-incident reviews and improvements
  • Notifies affected users in accordance with legal requirements
  • Coordinates with law enforcement when necessary

9. Employee Security Practices

Our employees are trained and required to follow strict security practices:

  • Background checks for all employees with data access
  • Regular security awareness training and certification
  • Principle of least privilege access
  • Mandatory use of MFA for all company systems
  • Secure development lifecycle (SDLC) training
  • Confidentiality agreements and security policies
  • Regular access reviews and deprovisioning

All employees undergo annual security training and must acknowledge our security policies.

10. Third-Party Security

We carefully vet all third-party vendors and service providers that have access to our systems or data:

  • Security assessments before onboarding vendors
  • Regular security reviews and audits of third-party services
  • Contractual security requirements and SLAs
  • Data processing agreements for vendors handling personal data
  • Monitoring of third-party security incidents

We maintain a vendor risk management program to ensure all third parties meet our security standards.

11. Your Role in Security

Security is a shared responsibility. Here's how you can help keep your account and data secure:

  • Use a strong, unique password for your account
  • Enable multi-factor authentication (MFA)
  • Keep your devices and software up to date
  • Be cautious of phishing attempts and suspicious emails
  • Review your account activity regularly
  • Use secure networks when accessing the Service
  • Report any suspicious activity immediately

If you notice any suspicious activity on your account, please contact us immediately at security@orishub.com.

12. Security Updates and Communication

We are committed to keeping you informed about our security practices and any significant security updates:

  • Regular security blog posts and updates
  • Security advisories for significant issues
  • Transparent communication about security incidents
  • Annual security reports and transparency reports

This Security page is updated regularly to reflect our current security practices. We encourage you to review it periodically.

13. Contact Our Security Team

If you have security concerns, questions, or need to report a security issue, please contact our security team:

ORIS HUB™ Security Team

Security Email: security@orishub.com

General Inquiries: support@orishub.com

Website: orishub.com

Note: For security vulnerability reports, please include detailed information and allow us time to investigate before public disclosure.