Resources

Security Compliance

Understand how O3 secures your workspace, encrypts database assets, and maintains regulatory compliance.

1. SOC 2 Type II Certified

O3 is SOC 2 Type II compliant. Our service systems, infrastructures, databases, and operational processes have been audited by independent certified auditors to verify adherence to AICPA Trust Services Criteria.

2. Encryption at Rest & In Transit

All user credentials, configurations, cached dashboard assets, and pgvector embeddings are encrypted at rest using AES-256 protocols. In-transit network exchanges between the browser, API gateway, and databases utilize TLS 1.3 encryption.

3. Network Isolation & Monitoring

Our services operate inside isolated private VPC clusters. We implement strict ingress network filters, rate-limiting rules, continuous vulnerability scans, and tamper-evident audit logs to safeguard systems against malicious attacks.

4. Third-Party Integrations Governance

When connecting external services (e.g. Slack webhooks, HubSpot tracking, Stripe API), O3 only requests the narrowest permission scope needed to execute your automations. You can revoke authorization scopes at any time.