Security Compliance
Understand how O3 secures your workspace, encrypts database assets, and maintains regulatory compliance.
1. SOC 2 Type II Certified
O3 is SOC 2 Type II compliant. Our service systems, infrastructures, databases, and operational processes have been audited by independent certified auditors to verify adherence to AICPA Trust Services Criteria.
2. Encryption at Rest & In Transit
All user credentials, configurations, cached dashboard assets, and pgvector embeddings are encrypted at rest using AES-256 protocols. In-transit network exchanges between the browser, API gateway, and databases utilize TLS 1.3 encryption.
3. Network Isolation & Monitoring
Our services operate inside isolated private VPC clusters. We implement strict ingress network filters, rate-limiting rules, continuous vulnerability scans, and tamper-evident audit logs to safeguard systems against malicious attacks.
4. Third-Party Integrations Governance
When connecting external services (e.g. Slack webhooks, HubSpot tracking, Stripe API), O3 only requests the narrowest permission scope needed to execute your automations. You can revoke authorization scopes at any time.