Security

Security is at the core of everything we build. Here's how we protect your data.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your content is always protected.

Infrastructure

Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certified providers. Systems monitored 24/7.

Tenant Isolation

Each organization's data is logically isolated with strict access controls. Cross-tenant data access is architecturally prevented.

Authentication

Secure authentication with bcrypt password hashing. Enterprise plans include SSO/SAML integration for centralized access control.

Backups

Automated daily backups with point-in-time recovery. Your data is replicated across multiple availability zones.

Data Retention

Active data retained per your plan. Deleted accounts purged within 30 days. Full data export available at any time.

Compliance

GDPR compliant with data processing agreements available. We support data portability and right to deletion requests.

Report a Vulnerability

We take security reports seriously. If you discover a vulnerability, please report it responsibly to security@onairflow.com.

Response timeline: We acknowledge reports within 48 hours and target resolution of critical issues within 7 days.

Responsible disclosure: We ask researchers to allow reasonable time for remediation before public disclosure. We do not pursue legal action against researchers acting in good faith.