Security

Last updated: February 11, 2026

Security is at the core of everything we build. Orbinto handles sensitive customer conversations, visitor behavior data, and CRM records — we take that responsibility seriously. This page describes the technical and organizational measures we implement to protect your data.

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • 99.9% uptime SLA
  • Breach notification in under 72 hours

1. Certifications & Compliance

Orbinto maintains compliance with industry-recognized standards and regulations to ensure your data is handled with the highest level of care.

Standard | Status | Scope
SOC 2 Type II | Planned (2026) | Security, Availability, and Confidentiality trust service criteria across the entire platform
GDPR | Compliant | Full compliance with the EU General Data Protection Regulation. See GDPR page
CCPA / CPRA | Compliant | California Consumer Privacy Act and California Privacy Rights Act
PCI DSS | Compliant (via Stripe & Razorpay) | Payment processing handled entirely by PCI DSS Level 1 certified providers. Orbinto never stores full card numbers.
ISO 27001 | Roadmap (2027) | Information security management system certification
HIPAA | Roadmap | Healthcare data handling for eligible Enterprise customers

Enterprise customers may request compliance documentation, SOC 2 reports (when available), and penetration test summaries under NDA. Contact security@orbinto.com.

2. Data Encryption

All data is encrypted both in transit and at rest. We never transmit or store data in plaintext.

2.1 In Transit

  • TLS 1.2 and 1.3 enforced on all connections — API, dashboard, chat widget, and webhooks.
  • HSTS (HTTP Strict Transport Security) enabled with a minimum 1-year max-age directive.
  • Perfect Forward Secrecy (PFS): session keys are derived from ephemeral (ECDHE) key exchange, so previously recorded traffic cannot be decrypted even if the server's long-term private key is exposed in the future.
  • Strong cipher suites only: legacy algorithms (the RC4 and 3DES ciphers and SHA-1 based MACs) are disabled.
  • SSL/TLS configuration achieves an "A+" rating on SSL Labs.
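As an added illustration of the policy above (this is example code, not Orbinto's published configuration), the following Python builds a server-side TLS context that enforces a TLS 1.2 minimum and forward-secret, legacy-free cipher suites, then verifies what OpenSSL will actually offer, and validates a Strict-Transport-Security header against the one-year max-age requirement. The OpenSSL cipher string is my assumed expression of the stated policy, and the includeSubDomains check goes beyond what the page promises.

```python
import ssl

# Policy stated on this page: TLS 1.2 minimum, forward-secret (ECDHE) key exchange only,
# no RC4, 3DES or SHA-1 MACs, and HSTS with a max-age of at least one year.
# CIPHER_POLICY is an assumed OpenSSL expression of that policy; it is not Orbinto's config.
CIPHER_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!3DES:!MD5:!SHA1"
LEGACY_MARKERS = ("RC4", "3DES", "DES-CBC3", "MD5")
ONE_YEAR_SECONDS = 31536000


def build_server_context() -> ssl.SSLContext:
    """Server-side context that refuses TLS 1.0/1.1 and non-ECDHE or legacy cipher suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers governs TLS 1.2 suites; TLS 1.3 suites are always AEAD with ephemeral keys.
    ctx.set_ciphers(CIPHER_POLICY)
    # Let the server, not the client, pick the suite so a weaker client preference cannot win.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def enforces_tls12_minimum(ctx: ssl.SSLContext) -> bool:
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


def negotiable_suites(ctx: ssl.SSLContext) -> list:
    """Names of every suite the context would offer, as OpenSSL reports them."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(ctx: ssl.SSLContext) -> list:
    """Suites that lack forward secrecy or use an algorithm the page says is disabled."""
    bad = []
    for name in negotiable_suites(ctx):
        # TLS 1.2 names carry the key exchange up front; TLS_* names are TLS 1.3 (always ephemeral).
        forward_secret = name.startswith(("ECDHE-", "DHE-", "TLS_"))
        # A trailing "-SHA" in an OpenSSL suite name means HMAC-SHA1.
        legacy = any(marker in name for marker in LEGACY_MARKERS) or name.endswith("-SHA")
        if not forward_secret or legacy:
            bad.append(name)
    return bad


def check_hsts(header_value: str) -> list:
    """Findings for a Strict-Transport-Security value; an empty list means it meets the policy."""
    directives = {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"')
    findings = []
    age = directives.get("max-age")
    if age is None or not age.isdigit():
        findings.append("max-age missing or not an integer")
    elif int(age) < ONE_YEAR_SECONDS:
        findings.append(f"max-age {age} is below the one-year minimum of {ONE_YEAR_SECONDS}")
    # The page only promises a one-year max-age; includeSubDomains is an added check, since an
    # HTTP-only subdomain that shares cookies undermines the main host's policy.
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    return findings
```

Running weak_suites against a freshly built context is the offline equivalent of the SSL Labs check: it lists what the local OpenSSL would really negotiate under the policy string rather than what the string was meant to say.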

2.2 At Rest

  • AES-256 encryption for all stored data including chat transcripts, visitor tracking data, session recordings, account data, and backups.
  • Database encryption via AWS RDS with encrypted storage volumes.
  • Backup encryption — all backups are encrypted with AES-256 and stored in separate AWS regions for disaster recovery.
  • BYOK (Bring Your Own Key) available on Enterprise plan — use your own encryption keys managed through AWS KMS for full key control.

2.3 Feature-Specific Encryption

Feature | Encryption Details
Chat messages | Encrypted in transit (TLS) and at rest (AES-256). Messages are never stored in plaintext.
Session recordings | Encrypted at rest with per-account keys. Recordings are streamed over TLS and stored encrypted in S3.
Visitor tracking data | Encrypted at rest. IP addresses can be optionally anonymized (last octet masked).
CRM OAuth tokens | Encrypted at rest with application-level encryption. Tokens are never logged or exposed in URLs.
API keys | Hashed using bcrypt. Displayed only once at creation — never stored in recoverable form.
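The API key row above describes a lifecycle worth seeing end to end: generate a high-entropy key, show it once, persist only a salted hash, and compare in constant time on every request. The Python below is an added example, not Orbinto's implementation. The "orb_" prefix, the key-id/secret layout, and the in-memory store are assumptions; it uses scrypt from the standard library in place of the bcrypt the page names, because bcrypt needs a third-party package, but the pattern is identical.

```python
import hashlib
import hmac
import os
import secrets

# Assumed layout (not Orbinto's schema): "orb_<key_id>_<secret>". The key_id is stored in
# the clear so the record can be found; only a salted hash of the secret is persisted.
KEY_PREFIX = "orb_"


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt: scrypt is in the standard library and serves the same role here.
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def issue_api_key(store: dict) -> str:
    """Create a key, persist only its id and salted hash, and return the plaintext exactly once."""
    key_id = secrets.token_hex(4)            # 8 hex chars; used only to locate the record
    secret = secrets.token_urlsafe(32)       # 256 bits of entropy; never written to storage
    salt = os.urandom(16)
    store[key_id] = {"salt": salt, "hash": _hash_secret(secret, salt)}
    return f"{KEY_PREFIX}{key_id}_{secret}"  # shown to the user at creation, then gone


def verify_api_key(store: dict, presented: str) -> bool:
    """Constant-time check of a presented key against the stored hash."""
    if not presented.startswith(KEY_PREFIX):
        return False
    # The secret may itself contain '_' (urlsafe base64), so split only once.
    key_id, sep, secret = presented[len(KEY_PREFIX):].partition("_")
    if not sep:
        return False
    record = store.get(key_id)
    if record is None:
        return False
    return hmac.compare_digest(_hash_secret(secret, record["salt"]), record["hash"])
```

Two practitioner notes: a recognisable prefix lets secret scanners and log redaction spot leaked keys, and with bcrypt specifically only the random secret portion should be hashed, since bcrypt silently truncates input beyond 72 bytes.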

3. Infrastructure & Hosting

3.1 Cloud Provider

Orbinto is hosted on Amazon Web Services (AWS), which maintains SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, and FedRAMP certifications. AWS data centers undergo regular third-party audits.

3.2 Architecture

  • Region: US-East-1 (N. Virginia) as primary. EU (Frankfurt) available for Enterprise data residency.
  • VPC isolation: All production infrastructure runs within a dedicated Virtual Private Cloud with private subnets. No direct internet access to databases or internal services.
  • Network segmentation: Application servers, databases, caching layers, and storage are on separate network segments with strict firewall rules.
  • Load balancing: Application Load Balancers distribute traffic with health checks and automatic failover.
  • DDoS protection: AWS Shield Standard provides always-on network flow monitoring and inline mitigation of common network- and transport-layer (L3/L4) floods.

3.3 Uptime & Reliability

  • 99.9% uptime SLA for Enterprise customers.
  • Automated monitoring: 24/7 infrastructure monitoring with alerting on latency, error rates, and resource utilization.
  • Auto-scaling: Application instances scale automatically based on traffic and load.
  • Scheduled maintenance: Announced at least 24 hours in advance. Zero-downtime deployments used whenever possible.

3.4 Disaster Recovery

Metric | Target
Recovery Time Objective (RTO) | < 4 hours
Recovery Point Objective (RPO) | < 1 hour
Backup frequency | Automated daily backups with point-in-time recovery (up to 35 days)
Backup storage | Encrypted, stored in a separate AWS region from production
DR testing | Quarterly disaster recovery drills

4. Access Control & Authentication

4.1 Customer-Facing Controls

Orbinto provides the following security features for your account:

Feature | Availability | Description
Two-Factor Authentication (2FA) | All plans | TOTP-based 2FA via authenticator apps (Google Authenticator, Authy, etc.)
SSO / SAML | Enterprise | Single Sign-On with your identity provider (Okta, Azure AD, OneLogin, Google Workspace)
Role-Based Access Control (RBAC) | All paid plans | Owner, Admin, Operator, and Viewer roles with granular permissions
IP Allowlisting | Enterprise | Restrict dashboard access to specific IP addresses or CIDR ranges
Session Timeout | All plans | Configurable session expiration. Default: 24 hours of inactivity.
Audit Logs | Professional+ | Complete log of all user actions — logins, setting changes, data exports, deletions — with timestamps and IP addresses.
Password Policy | All plans | Minimum 10 characters, complexity requirements, breach-database checking.
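The password policy row lists length, complexity, and breach-database checking. The breach check is the interesting part, because it must not send the user's password, or even its full hash, to a third party. The Python below is an added example (not Orbinto's code) using the k-anonymity range protocol popularised by Have I Been Pwned's Pwned Passwords API: only the first five hex characters of the SHA-1 hash leave the service, and the match is done locally. The page does not name Orbinto's breach database, and "three of four character classes" is my assumed reading of "complexity requirements". The range endpoint is replaced by a constructed offline stand-in so the example runs without network access.

```python
import hashlib
import re

MIN_LENGTH = 10           # stated on this page
MIN_CHAR_CLASSES = 3      # assumed reading of "complexity requirements"
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def sha1_range_parts(password: str):
    """Split the SHA-1 of the password into the 5-hex-char prefix that is sent to the
    range endpoint and the 35-char suffix that is only ever compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, one per breached hash in the range, into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """fetch_range(prefix) returns the range body; the full hash never leaves this function."""
    prefix, suffix = sha1_range_parts(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def check_password(password: str, fetch_range) -> list:
    """Return policy findings; an empty list means the password is acceptable."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(1 for pattern in CHAR_CLASSES if re.search(pattern, password))
    if classes < MIN_CHAR_CLASSES:
        findings.append(f"uses fewer than {MIN_CHAR_CLASSES} character classes")
    seen = breach_count(password, fetch_range)
    if seen:
        findings.append(f"found {seen} times in known breaches")
    return findings


# Constructed stand-in for the range endpoint so the example runs offline: a tiny breach
# corpus with made-up counts. A real client would GET https://api.pwnedpasswords.com/range/<prefix>.
_CONSTRUCTED_CORPUS = {"password123": 123456, "Welcome2024!": 87, "qwertyuiop": 4011}


def constructed_fetch_range(prefix: str) -> str:
    lines = []
    for pw, count in _CONSTRUCTED_CORPUS.items():
        p, s = sha1_range_parts(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    # A filler entry keeps the body non-empty so a miss is not distinguishable by length alone.
    lines.append("0" * 34 + "F:1")
    return "\r\n".join(lines)
```

Because the lookup is keyed on the hash prefix, the service learns that one of roughly a few hundred hashes is being checked, never which one, which is what makes it acceptable to call from a login or signup flow.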

4.2 Internal Access Controls

Orbinto employees follow strict access policies:

  • Principle of least privilege: Employees are granted only the minimum access required for their role.
  • MFA enforced: All employee accounts require multi-factor authentication for all systems — no exceptions.
  • Access reviews: Quarterly reviews of all employee access permissions. Unused access is revoked.
  • Offboarding: All access is revoked within 24 hours of an employee's last day.
  • Production access: Limited to a small number of senior engineers via a bastion host with session recording. All production access is logged.
  • No customer data on devices: Employees do not download or store customer data on personal or corporate devices.

5. Data Privacy & Sensitive Data Handling

5.1 Chat Data

  • Automatic credit card masking: Credit card numbers detected in chat messages are automatically redacted before storage. Operators see masked values (e.g., **** **** **** 4242).
  • PII detection: Configurable rules to detect and flag sensitive information (SSN patterns, bank account numbers) in chat transcripts.
  • File attachments: Scanned for malware before being delivered to operators. Stored encrypted with time-limited signed URLs.
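The masking and PII-flagging bullets above describe a pipeline that runs on every message before it is persisted. As an added example (not Orbinto's code), the Python below finds card-number candidates, confirms them with the Luhn check so order and phone numbers are left alone, replaces them with the masked form the page shows, and then applies flag-only PII rules. The SSN and IBAN patterns are assumed examples of the configurable rules the page mentions; the sample messages are constructed.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer digit run. Luhn then separates real card numbers from look-alikes.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumed configurable flag-only rules of the kind the page describes (SSN patterns etc.).
PII_RULES = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by every major card brand."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_cards(text: str):
    """Redact Luhn-valid card numbers, keeping the last four digits for operator context.

    Returns (redacted_text, number_of_cards_masked)."""
    masked = 0

    def _replace(match):
        nonlocal masked
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)           # order numbers, phone numbers, tracking ids
        masked += 1
        return "**** **** **** " + digits[-4:]

    return CARD_CANDIDATE.sub(_replace, text), masked


def flag_pii(text: str) -> list:
    """Names of PII rules that match; flagging, not redaction, is what the page describes."""
    return [name for name, rule in PII_RULES.items() if rule.search(text)]


def prepare_for_storage(message: str) -> dict:
    """What a chat backend would run on a message before persisting it."""
    redacted, cards = mask_cards(message)
    return {"text": redacted, "cards_masked": cards, "pii_flags": flag_pii(redacted)}


# Constructed sample input, not real customer data.
SAMPLE = "my ssn is 123-45-6789 and card 4111-1111-1111-1111, order 1234567890123456"
```

The card step runs before the flagging step so that a masked card never shows up again as a PII hit, and the count of masked cards is returned so it can be audited without ever storing the original.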

5.2 Session Recordings

Session recordings capture user interactions for analysis but are designed with privacy in mind:

  • Automatic sensitive-field masking: Password inputs, credit card fields, and other sensitive form elements are automatically detected and masked. Their content is never captured.
  • Custom masking rules: Add CSS selectors for any additional elements you want excluded from recordings.
  • Consent required: Recording only begins after end-user consent (configurable opt-in prompt).
  • Access control: Only account owners and admins can view recordings. Operator access is configurable.
  • Retention: 90 days by default. Configurable on Enterprise. Recordings can be deleted individually at any time.

5.3 Visitor Tracking

  • IP anonymization: Option to mask the last octet of IP addresses to comply with strict privacy requirements.
  • Cookie consent: Built-in consent banner for EU visitors. Tracking does not activate until consent is given.
  • Data minimization: Configure exactly which data points are collected. Disable any category you don't need.
  • No cross-site tracking: The Orbinto tracking script does not track users across websites.
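The IP anonymization option above is defined in terms of the last octet, which only has meaning for IPv4. As an added example (not Orbinto's code), the Python below zeroes the last octet of IPv4 addresses and, for IPv6 where there is no "last octet", truncates to a /48; the /48 choice and the decision to store nothing for a malformed value are my assumptions.

```python
import ipaddress

# Assumed truncation widths: /24 is the page's "last octet masked"; /48 for IPv6 is a common
# choice but is not stated on this page.
IPV4_PREFIX = 24
IPV6_PREFIX = 48


def anonymize_ip(value: str):
    """Return the masked address as a string, or None if the input is not a valid address."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None                     # store nothing rather than an unmasked or broken value
    prefix = IPV4_PREFIX if ip.version == 4 else IPV6_PREFIX
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(network.network_address)


def anonymize_batch(values) -> list:
    """Mask a batch of visitor addresses, dropping any that fail to parse."""
    masked = (anonymize_ip(v) for v in values)
    return [m for m in masked if m is not None]


# Constructed sample input using documentation ranges, not real visitor data.
SAMPLE_IPS = ["203.0.113.77", "2001:db8:abcd:1234::1", "not an ip", " 198.51.100.9 "]
```

Masking before the value is written, rather than on read, is what makes the option meaningful: the unmasked address never reaches storage or backups.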

5.4 CRM Integration Security

  • OAuth 2.0: All CRM connections use industry-standard OAuth 2.0. Orbinto never asks for or stores CRM passwords.
  • Token encryption: OAuth refresh tokens are encrypted at rest with application-level encryption, separate from database encryption.
  • Scope limitation: We request only the minimum OAuth scopes needed for the integration to function.
  • Revocation: Customers can disconnect CRM integrations at any time. Tokens are immediately revoked and cached CRM data is deleted within 30 days.

6. AI Security & Trust

Orbinto's AI features (writing assistant, auto-summaries, auto-tagging, NLP chatbots) process sensitive customer conversations. We take AI security seriously:

6.1 Data Handling

  • Your data never trains our AI models. Conversation data is processed in real-time to generate responses and is not retained by AI providers for model training or improvement.
  • Ephemeral processing: AI inputs are sent to the model, a response is generated, and the input is discarded by the AI provider. No persistent storage of your data on AI infrastructure.
  • Data isolation: Each customer's data is processed independently. There is no cross-contamination between accounts.

6.2 Model Security

  • Prompt injection defenses: Input sanitization and output validation to reduce the risk and impact of prompt injection attacks against AI chatbots. These filters cannot rule injection out entirely, which is one reason AI writing suggestions also pass through human review.
  • Output filtering: AI-generated responses are filtered for harmful content, PII leakage, and off-topic responses before delivery.
  • Human-in-the-loop: AI writing suggestions are presented to operators for review — they are never sent directly to end-users without human approval.

6.3 Transparency

  • End-users interacting with AI chatbots are informed they are communicating with an automated system (configurable disclosure message).
  • AI features can be completely disabled at any time from Settings with no impact on other functionality.
  • Customers can request a summary of AI Data Protection Impact Assessments. See our GDPR page.

7. Application Security

7.1 Secure Development Lifecycle

  • Code review: All code changes require peer review before merging. Security-sensitive changes require review by a senior engineer.
  • Automated testing: CI/CD pipeline includes unit tests, integration tests, and security-focused tests on every commit.
  • Dependency scanning: Automated scanning for known vulnerabilities in third-party dependencies. Critical vulnerabilities are patched within 24 hours.
  • Static analysis: Automated static analysis tools scan code for security flaws (injection, XSS, CSRF, etc.) as part of the CI/CD pipeline.
  • OWASP Top 10: Development practices specifically address all OWASP Top 10 vulnerability categories.

7.2 Penetration Testing

  • Third-party penetration tests conducted annually by independent security firms.
  • Scope includes the web application, API, chat widget, and infrastructure.
  • Findings are remediated according to severity — Critical within 24 hours, High within 7 days, Medium within 30 days.
  • Enterprise customers may request a summary of the most recent penetration test results under NDA.

7.3 Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue:

  • Email security@orbinto.com with details of the vulnerability.
  • Include steps to reproduce, potential impact, and any suggested remediation.
  • We will acknowledge your report within 48 hours and provide a timeline for resolution.
  • We will not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices.
  • We credit researchers (with permission) after the vulnerability is resolved.

8. Employee Security

  • Background checks: All employees with access to production systems or customer data undergo background verification.
  • Security training: Mandatory security awareness training during onboarding and annual refreshers covering phishing, social engineering, data handling, and incident reporting.
  • Confidentiality agreements: All employees and contractors sign confidentiality and non-disclosure agreements.
  • Encrypted devices: All employee computers use full-disk encryption. Mobile devices with access to company systems require a passcode and remote-wipe capability.
  • No customer data on devices: Customer data is never downloaded to or stored on employee devices. All access occurs through secured, audited channels.
  • Separation of duties: No single employee can deploy code to production, access the database, and modify security configurations. Critical actions require multi-person approval.

9. Incident Response

Orbinto maintains a documented Incident Response Plan that is tested and updated regularly.

9.1 Response Process

  1. Detection & Triage: Automated monitoring systems detect anomalies. Security team triages and classifies severity within 1 hour.
  2. Containment: Affected systems are isolated to prevent further impact. Compromised credentials are rotated immediately.
  3. Investigation: Root cause analysis using logs, audit trails, and forensic tools.
  4. Notification: Affected customers are notified within 72 hours of breach confirmation. Notification includes scope, affected data, and remediation steps. GDPR Article 33 requires a processor to notify the controller without undue delay so that the controller can meet its own 72-hour deadline for reporting to the supervisory authority.
  5. Remediation: Vulnerability patched, systems restored, and preventive measures implemented.
  6. Post-Incident Review: Detailed post-mortem with timeline, root cause, and lessons learned. Process improvements implemented.

9.2 Severity Classification

Severity | Definition | Response Time
Critical | Active data breach, service-wide outage, or active exploitation of a vulnerability | Immediate (within 1 hour)
High | Potential data exposure, significant service degradation, or exploitable vulnerability discovered | Within 4 hours
Medium | Minor service issues, non-critical vulnerability, or suspicious activity requiring investigation | Within 24 hours
Low | Informational findings, minor configuration issues, or low-risk observations | Within 7 days

10. Sub-Processors & Third-Party Management

Orbinto carefully vets all third-party providers that process customer data. Every sub-processor must:

  • Sign a Data Processing Agreement (DPA) with Orbinto
  • Demonstrate compliance with SOC 2, ISO 27001, or equivalent security standards
  • Undergo a security assessment before onboarding and periodic reassessment

Sub-Processor | Purpose | Location | Certifications
Amazon Web Services | Cloud infrastructure, compute, database, storage | US (Virginia), EU (Frankfurt) | SOC 1/2/3, ISO 27001, PCI DSS, FedRAMP
Stripe | Payment processing (USD, EUR, GBP, AUD) | United States | PCI DSS Level 1, SOC 2
Razorpay | Payment processing (INR) | India | PCI DSS Level 1
Postmark / SendGrid | Transactional email delivery | United States | SOC 2
Redis Cloud | Real-time messaging and caching | United States | SOC 2, ISO 27001

We notify customers 30 days in advance of adding or changing sub-processors. Subscribe to updates by emailing privacy@orbinto.com.

11. Physical Security

Orbinto's infrastructure is hosted in AWS data centers, which maintain world-class physical security:

  • 24/7 on-site security personnel and video surveillance
  • Multi-factor access controls including biometric scanning and key-card entry
  • Man-trap entry systems at all access points
  • Environmental controls (fire suppression, climate management, flood detection)
  • Redundant power with UPS and backup generators
  • Regular third-party physical security audits

Full details of AWS physical security are available in the AWS Data Center Controls documentation.

Orbinto offices: No customer data is stored in or accessible from Orbinto's physical offices. All data access occurs through secured, encrypted, and audited remote connections.

12. Business Continuity

Orbinto maintains a Business Continuity Plan (BCP) to ensure service availability during disruptions:

  • Geographic redundancy: Backups are stored in a separate AWS region from production.
  • Database replication: Real-time replication with automated failover for the primary database.
  • Multi-AZ deployment: Application servers run across multiple Availability Zones within the primary region.
  • DR drills: Quarterly disaster recovery exercises to validate backup restoration and failover procedures.
  • Communication plan: Status page and email notifications for customers during service disruptions.

13. Trust Resources

The following documents are available to help your security and procurement teams evaluate Orbinto:

Document | Access | How to Get It
Privacy Policy | Public | orbinto.com/privacy
Terms of Service | Public | orbinto.com/terms
GDPR Compliance | Public | orbinto.com/gdpr
Data Processing Agreement (DPA) | On request | Email legal@orbinto.com
SOC 2 Type II Report | NDA required (available once the audit planned for 2026 is complete) | Email security@orbinto.com
Penetration Test Summary | NDA required | Email security@orbinto.com
Security Questionnaire (CAIQ / SIG Lite) | On request | Email security@orbinto.com

14. Changes to This Page

We reserve the right to update this Security page at any time to reflect changes in our security practices, infrastructure, or compliance status. Material changes will be communicated to customers via email. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact

For security-related inquiries, reports, or document requests:

  • Security inquiries, vulnerability reports, and compliance documents: security@orbinto.com
  • Privacy questions and sub-processor update notifications: privacy@orbinto.com
  • Data Processing Agreement requests: legal@orbinto.com

We acknowledge all security inquiries within 48 hours.